WASHINGTON:On an earnings call two months ago, SolarWinds Chief Executive Kevin Thompson touted how far the company had gone during his 11 years at the helm.
There was not a database or an IT deployment model out there to which his Austin, Texas-based company did not provide some level of monitoring or management, he told analysts on the Oct. 27 call.
"We don't think anyone else in the market is really even close in terms of the breadth of coverage we have," he said. "We manage everyone's network gear."
Now that dominance has become a liability - an example of how the workhorse software that helps glue organizations together can turn toxic when it is subverted by sophisticated hackers.
On Monday, SolarWinds confirmed that Orion - its flagship network management software - had served as the unwitting conduit for a sprawling international cyberespionage operation. The hackers inserted malicious code into Orion software updates pushed out to nearly 18,000 customers.
And while the number of affected organizations is thought to be much more modest, the hackers have already parlayed their access into consequential breaches at the U.S. Treasury and Department of Commerce.
Three people familiar with the investigation have told Reuters that Russia is a top suspect, although others familiar with the inquiry have said it is still too early to tell.
A SolarWinds representative, Ryan Toohey, said he would not be making executives available for comment. He did not provide on-the-record answers to questions sent via email.
In a statement issued Sunday, the company said "we strive to implement and maintain appropriate administrative, physical, and technical safeguards, security processes, procedures, and standards designed to protect our customers."
Cybersecurity experts are still struggling to understand the scope of the damage.
The malicious updates - sent between March and June, when America was hunkering down to weather the first wave of coronavirus infections - was "perfect timing for a perfect storm," said Kim Peretti, who co-chairs Atlanta-based law firm Alston & Bird's cybersecurity preparedness and response team.
Assessing the damage would be difficult, she said.
"We may not know the true impact for many months, if not more – if not ever," she said.
The impact on SolarWinds was more immediate. U.S. officials ordered anyone running Orion to immediately disconnect it. The company's stock has tumbled more than 23% from $23.50 on Friday - before Reuters broke the news of the breach - to $18.06 on Tuesday.
SolarWinds' security, meanwhile, has come under new scrutiny.
In one previously unreported issue, multiple criminals have offered to sell access to SolarWinds' computers through underground forums, according to two researchers who separately had access to those forums.
One of those offering claimed access over the Exploit forum in 2017 was known as "fxmsp" and is wanted by the FBI "for involvement in several high-profile incidents," said Mark Arena, chief executive of cybercrime intelligence firm Intel471. Arena informed his company's clients, which include U.S. law enforcement agencies.
Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds' update server by using the password "solarwinds123"
"This could have been done by any attacker, easily," Kumar said.
Neither the password nor the stolen access is considered the most likely source of the current intrusion, researchers said.
Others - including Kyle Hanslovan, the cofounder of Maryland-based cybersecurity company Huntress - noticed that, days after SolarWinds realized their software had been compromised, the malicious updates were still available for download.
The firm has long mooted the idea of spin-off of its managed service provider business and on Dec. 9 announced that Thompson would be replaced by Sudhakar Ramakrishna, the former chief executive of Pulse Secure. Three weeks ago, SolarWinds posted a job ad seeking a new vice president for security; the position is still listed as open.
Thompson and Ramakrishna could not be reached for comment.
Bernama
Wed Dec 16 2020
While the number of affected organisations is thought to be much more modest, the hackers have already parlayed their access into consequential breaches at the U.S. Treasury and Department of Commerce. REUTERSpic
COP29 climate summit draft proposes rich countries pay $250 billion per year
The draft finance deal criticised by both developed and developing nations.
Bomb squad sent to London's Gatwick Airport after terminal evacuation
This was following the discovery of a suspected prohibited item in luggage.
Kelantan urges caution amidst northeast monsoon rains
Kelantan has reminded the public in the state to refrain from outdoor activities with the arrival of the Northeast Monsoon season.
Former New Zealand PM Jacinda Ardern receives UN leadership award
Former New Zealand prime minister Jacinda Ardern was given a global leadership award by the United Nations Foundation.
ICC'S arrest warrants for Netanyahu, Gallant an apt decision - PM
The decision of the ICC to issue arrest warrants against Benjamin Netanyahu and Yoav Gallant is apt, said Datuk Seri Anwar Ibrahim.
KTMB provides two additional ETS trains for Christmas, school holidays
KTMB will provide two additional ETS trains for the KL Sentral-Padang Besar route and return trips in conjunction with the holidays.
BNM'S international reserves rise to USD118 bil as at Nov 15, 2024
Malaysia's international reserves rose to US$118.0 billion as at Nov 15, 2024, up from US$117.6 billion on Oct 30, 2024.
Findings by dark energy researchers back Einstein's conception of gravity
The findings announced are part of a years-long study of the history of the cosmos focusing upon dark energy.
NRES responds to Rimbawatch press release on COP29
The Ministry of Natural Resources and Environmental Sustainability (NRES) wishes to offer the following clarifications to the issues raised.
Online Safety Bill and Anti-Cyberbullying Laws must carefully balance rights and protections
The Online Safety Advocacy Group (OSAG) stands united with people in Malaysia in the fight against serious online harms.
Malaysia's inflation at 1.9 pct in Oct 2024 - DOSM
Malaysia's inflation rate for October 2024 has increased to 1.9 per cent, up from 1.8 per cent in September this year.
Saudi Arabia showcases Vision 2030 goals at Airshow China 2024
For the first time, Saudi Arabia is participating in the China International Aviation & Aerospace Exhibition held recently in Zhuhai.
King Charles' coronation cost GBP 71mil, govt accounts show
The coronation of Britain's King Charles cost taxpayers GBP72 million (US$90 million), official accounts have revealed.
Couple and associate charged with trafficking 51.9 kg of meth
A married couple and a man were charged in the Magistrate's Court here today with trafficking 51.974 kilogrammes of Methamphetamine.
PDRM to consult AGC in completing Teoh Beng Hock investigation
The police may seek new testimony from existing witnesses for additional insights into the investigation of Teoh Beng Hock's death.
Thai court rejects petition over ex-PM Thaksin's political influence
Thailand's Constitutional Court rejects a petition seeking to stop Thaksin Shinawatra from interfering in the running the Pheu Thai party.
Abidin takes oath of office as Sungai Bakap assemblyman
The State Assemblyman for Sungai Bakap, Abidin Ismail, was sworn in today at the State Assembly building, Lebuh Light.
UPNM cadet officer charged with injuring junior, stomping on him with spike boots
A cadet officer at UPNM pleaded not guilty to a charge of injuring his junior by stomping on the victim's stomach with spike boots.
How Indian billionaire Gautam Adani's alleged bribery scheme took off and unraveled
The indictment was unsealed on Nov. 20, prompting a $27 billion plunge in Adani Group companies' market value.
Elon Musk blasts Australia's planned ban on social media for children
Several countries have already vowed to curb social media use by children through legislation, but Australia's policy could become one of the most stringent.