WASHINGTON (Reuters) – On an earnings call two months ago, SolarWinds CEO Kevin Thompson spoke of how far the company had come in his 11 years at the helm.
There was no database or IT deployment model for which his Austin, Texas-based company did not provide some level of oversight or management, he told analysts on the Oct. 27 call.
“We don’t think anyone else in the market is even close in terms of the breadth of coverage we have,” he said. “We manage everyone’s network equipment.”
Now that dominance has become a liability: an example of how the workhorse software that helps glue organizations together can become toxic when subverted by sophisticated hackers.
On Monday, SolarWinds confirmed that Orion, its flagship network management software, had served as an unwitting conduit for an extensive international cyberespionage operation. Hackers inserted malicious code into Orion software updates that reached nearly 18,000 customers.
And while the number of affected organizations is believed to be much more modest, hackers have already turned their access into consequential breaches at the U.S. Treasury and Commerce Department.
Three people familiar with the investigation have told Reuters that Russia is the main suspect, although others familiar with the investigation have said it is still too early to know.
A SolarWinds representative, Ryan Toohey, said he would not make executives available for comment. He did not provide on-the-record answers to questions sent by email.
In a statement issued Sunday, the company said it “strives to implement and maintain the appropriate administrative, physical and technical safeguards, security processes, procedures and standards designed to protect our customers.”
Cybersecurity experts continue to struggle to understand the extent of the damage.
The malicious updates were sent between March and June, when the United States was bracing to withstand the first wave of coronavirus infections, “the perfect time for a perfect storm,” said Kim Peretti, who co-chairs the cybersecurity preparedness and response team at Atlanta-based law firm Alston & Bird.
Assessing the damage would be difficult, she said.
“We may not know the real impact for many months, if not more, if not ever,” she said.
The impact on SolarWinds was more immediate. U.S. officials ordered anyone running Orion to disconnect it immediately. Shares of the company fell more than 23 percent from $23.50 on Friday – before Reuters reported the breach – to $18.06 on Tuesday.
The security of SolarWinds, meanwhile, has come under new scrutiny.
In one previously unreported issue, several criminals have offered to sell access to SolarWinds computers through underground forums, according to two investigators who separately had access to those forums.
One of those offering claimed access on the Exploit forum in 2017 was known as “fxmsp,” and the FBI wants to “implicate it in several high-profile incidents,” said Mark Arena, executive director of the cybercrime intelligence firm Intel471. Arena informed customers of his company, including U.S. law enforcement agencies.
Security researcher Vinoth Kumar told Reuters that last year he alerted the company that anyone could access SolarWinds’ update server using the password “solarwinds123”.
“Any attacker could have done that easily,” Kumar said.
Neither the password nor the stolen access is considered the most likely source of the current intrusion, investigators said.
Others, including Kyle Hanslovan, co-founder of Maryland-based cybersecurity company Huntress, noticed that days after SolarWinds realized its software was compromised, the malicious updates were still available for download.
The firm has long debated the idea of shifting its business from managed service providers and on Dec. 9 announced that Thompson would be replaced by Sudhakar Ramakrishna, the former CEO of Pulse Secure. Three weeks ago, SolarWinds posted a job ad seeking a new vice president of security; the position is still listed as open.
Thompson and Ramakrishna could not be reached for comment.
Reporting by Raphael Satter and Christopher Bing. Jack Stubbs contributed reporting from London; editing by Lisa Shumaker