
RESILINC BLOGS

The SolarWinds Hack and Your Supply Chain

Jan 12, 2021

Resilinc Editorial Team

Cyber, Proactive risk mitigation

For corporate IT and cybersecurity professionals, the 2020 holiday season was filled with stress and long days as teams scrambled to assess whether their networks were penetrated by the widespread and stealthy hack known as Sunburst. Even more unsettling: for at least nine months before it was detected in early December, the malware had been spreading through the networks of as many as 18,000 users of SolarWinds’ Orion network management software.

In a recent webinar, Resilinc’s co-founder and CTO Sumit Vakil warned that supply chain managers should also be proactively investigating how Sunburst may have affected their suppliers—and what mitigations those potentially affected suppliers are undertaking. “Right now, your IT organization is in fire drill mode. This is a massive crisis the likes of which they’ve never seen before,” said Vakil. “Chances are they’re not going to have time to think about how your suppliers or vendors may have been impacted.”

“Even if your own organization is secure, all the emails and documents that you’ve shared with suppliers, including those with sensitive IP such as instructions, build plans, and other trade secrets, could become available to the hackers,” said Vakil. “Even if your communications go through a secure FTP server, chances are your supplier downloads them and puts them on Microsoft SharePoint, which can be accessed by Sunburst.”

Vakil added that this risk extends to more than suppliers of services, parts, and materials. “Vendors who manage employee data or even your accounting firms could be impacted by this.”

Considered an “advanced persistent threat” (APT) likely originating from Russian-sponsored cyberwarfare actors, Sunburst “takes over whatever server it’s installed on and steals administrative level permissions from Microsoft Active Directory,” explained Vakil. “Then it can access the emails of high-level executives, IT staff, and others and exploit that access to work its way deeper into the network.”

Sunburst’s existence was revealed December 1 by the security firm FireEye, which announced that hackers had stolen some of the firm’s “red team” tools—software used by teams of experts who act like hackers, trying to attack networks in search of vulnerabilities. Over the ensuing weeks, the extraordinary extent of Sunburst’s penetration was revealed as companies from Microsoft to Deloitte announced their networks had been hacked.

For security reasons, most companies that have been hacked will not reveal it publicly, and the full extent of the penetration may never be known. According to Vakil, only a few attacks have been discovered, but there’s a good chance there are a lot of latent hidden attacks that are yet to be discovered. What’s more, experts don’t fully understand the scope of the problems that Sunburst could have introduced into a network.

Still, there are mitigation measures available, including those recommended by CISA, the Cybersecurity and Infrastructure Security Agency, and Microsoft.

For supply chain practitioners and teams, Vakil recommends contacting suppliers and vendors – starting with their most critical ones – to inquire whether they run SolarWinds’ Orion software and—if yes—what mitigations they’ve implemented (Resilinc customers can access a Sunburst supplier risk assessment survey through their account).

“It is not easy to figure out if a network has been compromised, so it’s a good idea to focus on whether your suppliers have implemented the mitigations recommended by CISA and Microsoft,” said Vakil. “As more suppliers start implementing these recommendations, some of the known issues will be addressed and we can have some level of confidence that supplier companies are doing something to address the hack. And if they are one of the approximately 18,000 companies that could be impacted, they’re putting in mitigations so the known attacks can no longer leak data.”

While this is a good starting point, companies need to remain vigilant on an ongoing basis: security experts agree that the scope of this attack could be far broader than what has been identified so far.

According to Vakil: “Supply chain teams will need to ensure that their suppliers are constantly monitoring their active directories to watch for fake accounts, elevated permissions, and other indications of a hack. You’ll need to make sure you and your suppliers are on top of the latest findings about Sunburst and implementing the most up-to-date recommended mitigations. This is the only way to make sure your suppliers are doing everything they can to protect your IP and your sensitive data.”

***

For more details on the Sunburst hack and risk management best practices, please listen to our recent webinar: SUNBURST: SolarWinds Orion Cybersecurity Attack Update.

For more information on Resilinc’s supplier assessment services – which include risk assessments for cybersecurity – please contact us.