How the SolarWinds Cybersecurity Attack Affected MSPs

by | Dec 23, 2020 | Cybersecurity, INSI Articles

SolarWinds cybersecurity attack has many in Atlanta Ga and across the nation currently in panic mode wondering if their own systems have been compromised.  Unfortunately, they know that if they were compromised, then their IT support clients were compromised as well. That is a big problem!

Relationship Between SolarWinds and Managed Service Providers (MSPs)

Over the last few decades, SolarWinds has gained popularity among Managed Service Providers (MSPs) as a trusted resource for layered managed security, collective intelligence, and smart automation. Simply put, SolarWinds provides a desktop agent that allows the MSP to manage and secure your assets more efficiently.

SolarWinds Letter to Managed Service Providers

However, on December 16th, 6 days after the hack was announced, SolarWinds contacted their 15,000 MSP customers about the breach.  Subsequently, they announced that all MSP tools were to be revoked and digitally reassigned by December 21st.  While SolarWinds claimed that this is only precautionary, many MSPs felt unsettled.

History of 2020 Russian Hack “Cozy Bear”

On December 13, 2020, The Washington Post reported that multiple government agencies were breached by the Russian Foreign Intelligence Service using APT29, aka, Cozy Bear. Victims of the attack include a cybersecurity firm, called FireEye, the U.S. Treasury Department, the Internal Revenue Service, and the Nuclear Security Administration.

Upon further investigation, The New York Times discovered that SolarWinds failed to hire a Chief Information Security Officer. As a result, the staff gave the FTP Server a very weak password of solarwinds123.  Consequently, this information was made public on GitHub in 2019. As a result, this left a back door open to the SolarWinds library and the malicious code went unnoticed for nine months because it was defined as a “trusted certificate”. On December 17th, SolarWinds made a public statement that they would revoke the compromised certificates by December 21, 2020.  (Does that sound familiar?)

Cozy Bear is a Cybersecurity Supply Chain Hack

The most interesting thing about the SolarWinds cybersecurity hack is that it was a supply chain hack.  Undoubtedly, most people are aware of phishing attacks, but few are aware of supply chain hacks.  Simply put, supply chain breaches happen when a vendor is compromised and allows the attacker to gain access to their client’s data or network systems.

In this case, they infiltrated the SolarWinds Orion software updates with malicious code.  Next, the attackers were able to gain remote access to the SolarWinds clients’ environments.  Unfortunately, like most hacks, they were able to infiltrate the systems for nine months before being discovered.

Should You Be Concerned About the SolarWinds Cybersecurity Attack?

Clearly, any company that uses SolarWinds Orion software should be concerned and conduct a risk assessment.  Especially if they were advised to disable anti-malware tools before installing SolarWinds products.  Likewise, it does not matter if you use an MSP or have an internal IT department.  Indeed, the threat is still the same if this particular software is used.

Unfortunately, most small- and medium-sized businesses who use MSPs, have no idea what management software tools they use on their systems.  Nor do they know if they have arranged supply chain agreements with their vendors.  For this reason, you should ask these questions and consider getting a risk assessment if they use SolarWinds.

INSI is Not a SolarWinds Reseller

Fortunately, for our clients, INSI is not a SolarWinds client.  Therefore, none of our clients are at risk for the SolarWinds Cybersecurity breach through us, but we can’t guarantee they haven’t gotten it through another vendor.  That being said, there is nothing wrong with an MSP who has used SolarWinds products. Clearly, they have a strong reputation in the MSP world and are considered a trusted resource.  However, I would have seconds thoughts if they are not advising to get a risk assessment in light of the recent breach.

INSI Stays Current on Cybersecurity Concerns

Interestingly, INSI has been writing about this growing threat throughout 2020.  In fact, in the last several months we have covered supply chain threats and various risk assessments.  In addition, we covered how SIEM can guard against these threats.

Contact INSI today and we can walk you through the steps to ensure your data is secure and monitored.  Our Atlanta-based IT security consultants are available at 770-387-2424, option 2.


About the Author
Deborah Frazier is the author of IT Outsourcing Secrets – A Small Business Guide to Compare IT Support Companies. With nearly 20-years’ experience consulting small and medium-sized businesses on their IT support needs, she brings a wealth of knowledge to INSI as Head of Marketing and Sales. If you like this article and would like to get notified when a new article is posted, click here.

To make an appointment for more information about INSI and our Marietta and Atlanta metro IT Support services, click here.