The Case Study of SolarWinds Cyberattack
Introduction:
A data breach is any security incident in which unauthorized parties access sensitive or confidential information, including personal data (Social Security numbers, bank account numbers, healthcare data) and corporate data (customer records, intellectual property, financial information) (Kosinski, 2024).
Software supply chain attacks are one route to such a breach. A supply chain attack targets an organization by compromising a weaker link in its supply chain: the network of individuals, organizations, resources, activities and technology involved in creating and delivering a product, from the supplier's materials through to delivery to the end user. Attacking a weak point in the chain improves the attacker's odds because it abuses the trust organizations place in third-party vendors; the compromised vendor becomes a hop into every customer that trusts it. Supply chain attacks are a form of island-hopping attack (Gillis, 2022).
SolarWinds, a software company headquartered in Austin, Texas, provides network management tools to organizations worldwide. Its product Orion, an IT performance monitoring platform, was at the center of the incident known as the SolarWinds hack. This supply chain attack, attributed to the group Microsoft tracks as Nobelium (later attributed by the U.S. government to the Russian Foreign Intelligence Service, SVR), exposed thousands of SolarWinds customers' networks and data, making it one of the largest cyberattacks on record. The intrusion began in September 2019 with unauthorized access to SolarWinds' network, followed by a test code injection into Orion in October 2019 (a "dry run") and the injection of the malicious code later named SUNBURST into Orion software updates in February 2020. Because the trojanized component was built and digitally signed through SolarWinds' own release process, the company distributed it as a legitimate update, unaware of the compromise. The implanted code opened a "backdoor" that gave the attackers remote access to systems running the update. SolarWinds estimates that about 18,000 customers installed the compromised update; the attackers then concentrated on a much smaller set of high-value targets, particularly U.S. federal agencies, for espionage. Because many federal agencies rely on SolarWinds for network monitoring, the incident potentially exposed sensitive government information systems to the threat actors (Oladimeji, 2023).
Methodology:
Case study methodology is a research approach that draws on multiple sources of evidence to reach well-grounded conclusions (Yin, 2009). It is particularly useful for complex issues set in real-world decision-making contexts. To give readers actionable insights, case writers must conduct thorough, multi-dimensional analyses of all relevant data; combined, these methods produce a comprehensive study. An effective case study tells a compelling story that engages readers while presenting a rigorous analysis of the data that gives its conclusions intellectual validity (Flyvbjerg, 2006). The choice of data sources and methods follows from the study's objectives: a study aimed at strengthening a brand's social media presence would gather information on digital marketing channels and competitors' strategies, whereas one aimed at a succession plan for a small business would focus on management structures and long-term operational strategy (Florenthal & Ismailovski, n.d.). This case study applies that approach to understanding and mitigating the risks of a software supply chain attack, using the SolarWinds hack as its subject.
Results and Discussion:
The SolarWinds Orion platform, widely deployed by large companies and government agencies, was the vector for a major supply chain attack. The attackers inserted malicious code into Orion software updates, potentially compromising systems worldwide. The attack's full scope and purpose remain unclear, but the backdoor could grant access to sensitive information and networks.
The incident primarily targeted government agencies, though many private enterprises were affected collaterally because they installed the same update. Russia denied involvement, and then-President Trump suggested China might be responsible, without offering evidence; experts generally attributed the attack to Russian actors.
Upon taking office, President Biden promised to hold Russia accountable and
ordered a comprehensive review of the attack. He also created a new cybersecurity
position within the National Security Council to improve the government's response to
such threats (Oladimeji, 2023).
The attack timeline as reconstructed by TechTarget (Oladimeji, 2023):
• September 2019. Threat actors gain unauthorized access to the SolarWinds network.
• October 2019. Threat actors test an initial code injection into Orion.
• Feb. 20, 2020. The malicious code known as SUNBURST is injected into Orion.
• March 26, 2020. SolarWinds unknowingly starts distributing Orion software updates containing the malicious code.
Federal government timeline (GAO, 2021):
• Dec. 13, 2020. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) releases Emergency Directive 21-01, Mitigate SolarWinds Orion Code Compromise, which sets out the required mitigations for federal agencies.
• Dec. 16, 2020. National Security Council staff activate the Cyber Unified Coordination Group (UCG), comprising CISA, the FBI and the Office of the Director of National Intelligence, with support from the National Security Agency (NSA). According to CISA, all federal agencies with compromised systems affirm that the SolarWinds Orion software has been disconnected or powered down.
• Dec. 17, 2020. CISA releases Alert AA20-352A, Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations. NSA issues the Cybersecurity Advisory Detecting Abuse of Authentication Mechanisms, with guidance on techniques agencies can use to detect the threat and defend against unauthorized access.
• Dec. 18, 2020. The Cyber UCG briefs members of Congress on the breach.
• Dec. 24, 2020. CISA releases Sparrow, a tool for detecting malicious activity in Microsoft Azure and Office 365 environments.
• Jan. 5, 2021. A joint statement from the Cyber UCG says the breach was likely Russian in origin.
• Jan. 13, 2021. The White House appoints a Deputy National Security Advisor for Cyber and Emerging Technology to lead the federal response to the breach.
• Feb. 8, 2021. CISA releases two malware analysis reports, SUNBURST (AR21-039A) and TEARDROP (AR21-039B).
• Feb. 17, 2021. The Deputy National Security Advisor for Cyber and Emerging Technology confirms the breach was likely of Russian origin and that nine federal agencies had systems compromised.
• Apr. 15, 2021. NSA, CISA and the FBI jointly attribute the campaign to the Russian Foreign Intelligence Service (SVR) in a Cybersecurity Advisory. The White House issues Executive Order 14024, imposing sanctions on the harmful foreign activities of the Russian government.
• Apr. 19, 2021. National Security Council staff deactivate the Cyber UCG and state that lessons learned from the incident will be used to improve future federal responses to significant cyber incidents.
According to the DHS/CISA emergency directive, the affected SolarWinds Orion versions are 2019.4 through 2020.2.1 HF1. Roughly 18,000 SolarWinds customers installed the malicious updates, and the malware ran undetected for months. Through the backdoor, the attackers gained access to customers' IT environments, from which they could deploy additional malware to spy on selected companies and organizations (Oladimeji, 2023).
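As an added example (not code from SolarWinds, CISA or any of the sources cited here), the following Python script performs the two checks a responder would run against the facts above: it parses Orion version strings and decides whether an installed build falls inside the directive's affected range, and it hashes DLLs under an install directory against an operator-supplied list of SHA-256 indicators. The affected range is the one this page cites (2019.4 through 2020.2.1 HF1). The allowlisted remediated builds, 2019.4 HF6 and 2020.2.1 HF2, are taken from SolarWinds' own December 2020 security advisory, not from this page, and matter because a plain range comparison would otherwise flag the 2019.4 fix as vulnerable. The IOC list and the DLL files in the demo are constructed here; the real SUNBURST hashes are published in CISA's malware analysis report AR21-039A, listed in the timeline above, and should be loaded from that source rather than typed in.

```python
"""Orion exposure triage (added example, not vendor or CISA code)."""

import hashlib
import os
import re
import tempfile
from typing import Iterable, List, Tuple

# Orion prints versions as "2019.4", "2019.4 HF5", "2020.2.1 HF1".
# Parse to (year, minor, patch, hotfix) so tuple comparison orders them.
_VERSION_RE = re.compile(
    r"^\s*(\d{4})\.(\d+)(?:\.(\d+))?(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE
)

# Range stated by the DHS/CISA emergency directive: 2019.4 .. 2020.2.1 HF1.
AFFECTED_LOW = (2019, 4, 0, 0)
AFFECTED_HIGH = (2020, 2, 1, 1)

# Remediated builds from SolarWinds' Dec 2020 advisory (assumption: not on
# this page). 2019.4 HF6 sorts inside the range, so it needs an allowlist.
FIXED_BUILDS = {(2019, 4, 0, 6), (2020, 2, 1, 2)}


def parse_orion_version(text: str) -> Tuple[int, int, int, int]:
    """Turn an Orion version string into a comparable 4-tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Orion version string: {text!r}")
    year, minor, patch, hotfix = m.groups()
    return int(year), int(minor), int(patch or 0), int(hotfix or 0)


def is_affected_version(text: str) -> bool:
    """True when the build is inside the directive's range and is not a
    known remediated hotfix."""
    version = parse_orion_version(text)
    if version in FIXED_BUILDS:
        return False
    return AFFECTED_LOW <= version <= AFFECTED_HIGH


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def find_ioc_matches(root: str, ioc_hashes: Iterable[str],
                     suffixes: Tuple[str, ...] = (".dll",)) -> List[Tuple[str, str]]:
    """Walk `root`, hash every file with one of `suffixes`, and return
    (path, sha256) for each file whose digest appears in `ioc_hashes`."""
    wanted = {h.strip().lower() for h in ioc_hashes}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(suffixes):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = sha256_of(fh.read())
            if digest in wanted:
                hits.append((path, digest))
    return hits


def demo_ioc_scan() -> List[str]:
    """Constructed sample: two fake DLLs in a temp dir, one of which is on a
    made-up IOC list. Returns the basenames of the files that matched.
    The file name is the real trojanised component's name; the bytes are not."""
    bad = b"constructed sample standing in for the trojanised DLL"
    good = b"constructed sample standing in for a benign DLL"
    iocs = [sha256_of(bad)]  # in practice: hashes from CISA AR21-039A
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("SolarWinds.Orion.Core.BusinessLayer.dll", bad),
                           ("SolarWinds.Orion.Other.dll", good)):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        hits = find_ioc_matches(root, iocs)
    return [os.path.basename(path) for path, _ in hits]


if __name__ == "__main__":
    for v in ("2019.4 HF5", "2020.2.1 HF1", "2020.2.1 HF2", "2019.4 HF6"):
        print(f"{v:14s} affected={is_affected_version(v)}")
    print("IOC hits in demo directory:", demo_ioc_scan())
```

On a real Orion server the version string comes from the Orion web console or the installed product entry, and the scan root is the Orion install directory. A hash match is only as good as the IOC list: it catches the specific builds CISA analysed, while a version inside the range should be treated as compromised even when no hash matches.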
IMPACTS (Zywave, Inc., 2021):
Recovery expenses:
The SolarWinds attack is estimated to cost over $90 million in combined recovery
efforts for the company and affected customers. These expenses cover investigation,
notification, malware removal, data recovery, and improved cybersecurity measures. As
federal agencies were impacted, some costs may ultimately be borne by U.S. taxpayers.
Reputation damage:
SolarWinds faced severe criticism for its security failures, particularly its inability to
detect the initial breach and the malware in its Orion software. The revelation of weak
password practices (e.g., "solarwinds123") further damaged the company's reputation.
Consequently, SolarWinds' stock price dropped 40% in the week following the incident's
disclosure.
Legal consequences:
In January 2021, shareholders initiated a class-action lawsuit against SolarWinds
for cybersecurity negligence. The SEC also began investigating whether affected
customers accurately reported the incident's impact in their financial statements. As more
information emerges, both SolarWinds and its customers may face additional lawsuits
and regulatory penalties.
References:
• Oladimeji, S. (2023, November 3). SolarWinds hack explained: Everything you need to know. TechTarget. Retrieved June 28, 2024, from https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know
• Kosinski, M. (2024, May 24). What is a data breach? IBM. https://www.ibm.com/topics/data-breach
• Gillis, A. S. (2022, October). What is a supply chain attack? TechTarget. Retrieved June 28, 2024, from https://www.techtarget.com/searchsecurity/definition/supply-chain-attack
• Zywave, Inc. (2021, October 17). Cyber case study: SolarWinds supply chain cyberattack. Ollis/Akers/Arney. Retrieved June 28, 2024, from https://ollisakersarney.com/blog/cyber-case-study-solarwinds-supply-chain-cyberattack/
• GAO. (2021, April 22). SolarWinds cyberattack demands significant federal and private-sector response (infographic). U.S. Government Accountability Office. Retrieved June 28, 2024, from https://shorturl.at/4FJxd
• Marelli, M. (2022). The SolarWinds hack: Lessons for international humanitarian organizations. International Review of the Red Cross. https://international-review.icrc.org/sites/default/files/reviews-pdf/2022-06/the-solarwinds-hack-lessons-for-international-humanitarian-organizations-919.pdf
• 2020 SolarWinds hack: A case study of the Russian cyber threat. (2021, July). https://rmcglobal.com/wp-content/uploads/2022/08/2020-SolarWinds-Hack-A-Case-Study-of-the-Russian-Cyber-Threat-July-2021.pdf
• Kruti, A., Butt, U., & Sulaiman, R. B. (2023, August). A review of SolarWinds attack on Orion platform using persistent threat agents and techniques for gaining unauthorized access. ResearchGate. https://www.researchgate.net/publication/373262598_A_review_of_SolarWinds_attack_on_Orion_platform_using_persistent_threat_agents_anf_techniques_for_gaining_unauthorized_access
• Florenthal, B., & Ismailovski, A. (n.d.). Case study methodology: An analysis of effective methods in business cases. IGI Global. https://www.igi-global.com/chapter/case-study-methodology/230239
Yokimura Dimaunahan
- Research Intro and RAD, Citations.
Aleli Rose Raca
- Research Intro and Methodology and RAD, Citations
Jewelles Cusi
- Research Intro and Methodology
Von Dimacuha
- RAD
Christian Caballero
- RAD
Andrei Pesigan
- Introduction
Group Work:
