The SolarWinds cyber attack is a large-scale, highly impactful example of a supply chain attack. SolarWinds provides a network management product called ‘Orion’, used by over 300,000 customers worldwide. When, in 2020, SolarWinds was hacked into by Russian hackers, the impact was seen and felt globally and throughout some of the most important organisations in the world.
The hackers were a part of the Russian SVR (Foreign Intelligence Service, previously known as the KGB). They were able to compromise an Orion software update, which meant that when users downloaded the new update, the SVR was given access to their networks and data. In this case, Orion was part of the supply chain for not only a high number of clients, but very high profile customers, too. SolarWinds customers using the Orion product spanned the USA, the UK, Canada, Spain, Israel and further. Their clients included the US military, hundreds of universities, the White House, 425 of the Fortune 500 Companies and many more. Although SolarWinds suggests that less than 18,000 of their customers actually installed the corrupted update, a huge number of them did. US departments from Homeland Security to the Treasury Department were breached. It is still unclear just how much data has been compromised and from where, as well as what networks the SVR still has access to today.
Highlighting the lack of emphasis given to supply chain security, the SVR attack was only spotted thanks to FireEye, a security company which discovered the breach whilst auditing their own networks, and notified the US government. It is alarming that the US government did not find the issue with similar checks to regulate their suppliers and reduce their cyber security risks, which emphasises the need for this to become common practice in many cases.
The SolarWinds example demonstrates the international impact that an attack on just one company to begin with can have. When this attacked company has access to other company’s data, the results can be catastrophic. In the SolarWinds case, the involvement of nation state hackers means that such vast expertise was also involved, and this combination led to the compromise of substantial amounts of data from some of the most important organisations and departments throughout the world.