Orion Malware Hack Increases The Need To Fortify A Vendor's Back Door

February 11, 2021

Microsoft has recently reported that they have identified and removed malicious programing that infected its network via a widely-used network management system called Orion. This malware, inserted into an Orion software update, is suspected to be just one strategy of a larger, ongoing cyberattack out of Russia.

Microsoft has been watching for signs of malicious code since learning of the malware. They state the breach has not involved "production services or customer data," and that they will continue to monitor system activity. The software leader was also able to identify several of its customers who had infected versions of the Orion software.

The cybersecurity division of the Department of Homeland Security says this cyberattack is aimed at government agencies, private businesses, and infrastructure entities. M Corey Goldman "Microsoft Sounds Alarm Over SolarWinds Cyber Attack" www.thestreet.com (Dec. 18, 2020).

 

Commentary

Officials from SolarWinds and the cybersecurity firms investigating the malware attack recently reported success in locating the malware’s source code and determining how the malicious code infiltrated the IT systems of Orion’s customers. The cybercriminals designed the malicious code to resemble legitimate network traffic, making it difficult to detect. M Corey Goldman “SolarWinds Says It Has Found Source of Massive Cyberattack” www.thestreet.com (Jan. 12, 2021).

Although the immense size of the Orion software hack is unprecedented, cybersecurity risk from third-party sources is not new.

In 2013, Target’s system breach that compromised millions of customers’ personal data, was later found to be linked to a network hack of its HVAC service provider. Hackers breached the network of the U.S. Office of Personnel Management in 2015 via its third-party supplier of background checks, stealing the identities of millions of government employees.

As organizations move to a broader remote-workplace environment, many are looking to third-party suppliers for support. Be sure to restrict access to your networks whenever possible. If third-party access to your network is necessary, make certain you evaluate the associated cybersecurity risk as part your larger risk assessment and contract management process.

Finally, your opinion is important to us. Please complete the opinion survey:

News

Remote Work Is Here To Stay, But So Are The Cyber Risks

More employees are going to work remotely. Learn why that presents even more cybersecurity challenges. Read More

IT Communication Breakdowns Lead To Higher Data Security Risks

IT can assist employees working from home to stop a cyberattack, but employees must first make the call. We examine the cybersecurity issue of remote employees not communicating with IT. Read More

Orion Malware Hack Increases The Need To Fortify A Vendor's Back Door

Microsoft found the Orion update malware on some of its network systems, emphasizing the serious nature of the hack. Learn how third-party suppliers increase cybersecurity risk. Read More