WASHINGTON:On an earnings call two months ago, SolarWinds Chief Executive Kevin Thompson touted how far the company had gone during his 11 years at the helm.
There was not a database or an IT deployment model out there to which his Austin, Texas-based company did not provide some level of monitoring or management, he told analysts on the Oct. 27 call.
"We don't think anyone else in the market is really even close in terms of the breadth of coverage we have," he said. "We manage everyone's network gear."
Now that dominance has become a liability - an example of how the workhorse software that helps glue organizations together can turn toxic when it is subverted by sophisticated hackers.
On Monday, SolarWinds confirmed that Orion - its flagship network management software - had served as the unwitting conduit for a sprawling international cyberespionage operation. The hackers inserted malicious code into Orion software updates pushed out to nearly 18,000 customers.
And while the number of affected organizations is thought to be much more modest, the hackers have already parlayed their access into consequential breaches at the U.S. Treasury and Department of Commerce.
Three people familiar with the investigation have told Reuters that Russia is a top suspect, although others familiar with the inquiry have said it is still too early to tell.
A SolarWinds representative, Ryan Toohey, said he would not be making executives available for comment. He did not provide on-the-record answers to questions sent via email.
In a statement issued Sunday, the company said "we strive to implement and maintain appropriate administrative, physical, and technical safeguards, security processes, procedures, and standards designed to protect our customers."
Cybersecurity experts are still struggling to understand the scope of the damage.
The malicious updates - sent between March and June, when America was hunkering down to weather the first wave of coronavirus infections - was "perfect timing for a perfect storm," said Kim Peretti, who co-chairs Atlanta-based law firm Alston & Bird's cybersecurity preparedness and response team.
Assessing the damage would be difficult, she said.
"We may not know the true impact for many months, if not more – if not ever," she said.
The impact on SolarWinds was more immediate. U.S. officials ordered anyone running Orion to immediately disconnect it. The company's stock has tumbled more than 23% from $23.50 on Friday - before Reuters broke the news of the breach - to $18.06 on Tuesday.
SolarWinds' security, meanwhile, has come under new scrutiny.
In one previously unreported issue, multiple criminals have offered to sell access to SolarWinds' computers through underground forums, according to two researchers who separately had access to those forums.
One of those offering claimed access over the Exploit forum in 2017 was known as "fxmsp" and is wanted by the FBI "for involvement in several high-profile incidents," said Mark Arena, chief executive of cybercrime intelligence firm Intel471. Arena informed his company's clients, which include U.S. law enforcement agencies.
Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds' update server by using the password "solarwinds123"
"This could have been done by any attacker, easily," Kumar said.
Neither the password nor the stolen access is considered the most likely source of the current intrusion, researchers said.
Others - including Kyle Hanslovan, the cofounder of Maryland-based cybersecurity company Huntress - noticed that, days after SolarWinds realized their software had been compromised, the malicious updates were still available for download.
The firm has long mooted the idea of spin-off of its managed service provider business and on Dec. 9 announced that Thompson would be replaced by Sudhakar Ramakrishna, the former chief executive of Pulse Secure. Three weeks ago, SolarWinds posted a job ad seeking a new vice president for security; the position is still listed as open.
Thompson and Ramakrishna could not be reached for comment.
Bernama
Wed Dec 16 2020
While the number of affected organisations is thought to be much more modest, the hackers have already parlayed their access into consequential breaches at the U.S. Treasury and Department of Commerce. REUTERSpic
Lebanese search for dead in devastated villages as Israel withdraws
Hezbollah says Israel was still occupying Lebanese territory and put the onus on the Lebanese state to get Israeli forces out.
China promises Latin America 'trustworthy' ties as Trump lays out demands
Beijing looks to improve its foothold in a region historically under the US sphere of influence.
Major risks loom as Trump upends US Russia policy
Washington's approach changes dramatically with the initial meeting between US and Russian negotiators.
Pope Francis has double pneumonia, complicating his treatment, Vatican says
Doctors say a polymicrobial infection occurs when two or more micro-organisms are involved and can be caused by bacteria, viruses, or fungi.
Philippines' VP Duterte challenges impeachment before Supreme Court
Sara Duterte makes her first legal move to fight the case that could lead to her removal and lead to a lifetime ban from public office.
Motor racing - Hamilton steps out in red at unprecedented 10 team F1 launch
I feel so full of life, so much energy, because everything's new and I'm just focused on what is up ahead, Hamilton says.
UAE tells US' Rubio it rejects displacement of Palestinians
The UAE's stance matters as its one of four Arab nations that normalised ties with Israel during Trumps first term.
Taylor Swift wins recording artist of the year crown for fifth time
The megastar's "The Tortured Poets Department" record also topped four IFPI charts, the IFPI says.
More than $50 billion needed to rebuild Gaza, World Bank joint assessment says
Years of rebuilding work, including clearing unexploded ordinance and millions of tonnes of rubble lie ahead.
Malaysia’s AI data centre development to be impacted by recent US restrictions - Liew
Liew Chin Tong says the restrictions would not affect the development of the domestic data centre ecosystem as a whole.
Sweden's top court rejects Greta Thunberg lawsuit on climate action
A court cannot decide that the parliament or the government must take any specific action, the Supreme Court says.
![[COLUMNIST] Trump’s Gaza (pipe) dream](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-10/51728873693_EMIR.jpg "[COLUMNIST] Trump’s Gaza (pipe) dream")
[COLUMNIST] Trump’s Gaza (pipe) dream
The Gaza plan is dangerous and counter-productive as it's merely another recipe for regional instability.
Sivasangari eyes new career-high in world rankings
After climbing to a career-best world number seven, national women's squash ace S. Sivasangari is determined to keep rising.
Outburst against Steven Sim: DAP will probe if there's a complaint - Loke
DAP secretary-general Anthony Loke says the disciplinary committee has not received any reports related to the incident so far.
US judge will not block Elon Musk from firing federal workers, accessing data
The case raises questions about Musk's apparent unchecked authority as a top deputy to President Donald Trump.
Dozens of false killer whales stranded on remote Australian beach
Rescue crews trying to save the majority of the large dolphins that survived the ordeal, according to authorities.
Trump restricts AP access over Gulf of Mexico issue
The AP, citing editorial standards, says it would continue to use the gulf's established name.
China to fly back 200 nationals rescued from Myanmar scam centres, Thai official says
This is part of a multinational effort to crack down on illegal online operations run from the region.
Somber Tiger Woods back in action in TGL loss to New York GC
Tiger Woods makes his first start since the death of his mother when he competed in a TGL match at Palm Beach Gardens.
Brazil's ex-President Bolsonaro charged in alleged coup plot
A total of 34 people were charged, including several military officials.