Breaching SolarWinds

March 4, 2021

The SolarWinds story continues to delight. I read “Former SolarWinds CEO Blames Intern for Solarwinds123 Password Leak.” That’s a heck of a password if I say so myself. Definitely better than admin or password.

How did the hackers breach a company providing services to thousands of clients? Here are the reasons reported by CNN:

  1. An intern fumbled the ball
  2. Brute force guessing of passwords
  3. Some other outfit created software which SolarWinds used, and SolarWinds caught malware from it.

There is a fourth possibility, and it is the one which seems to be one of the more popular ways to gain access to an organization’s network. What is it? Dumpster diving? Mental telepathy? Trawling through open source code looking for credentials? (That’s a pretty good method by the way.)

Nope.

Just strike up a conversation on a social media site, a Dark Web forum, or an encrypted messaging group and [a] use social engineering to get a user name and password, [b] watch for an employee who is not happy with his or her employer, [c] threaten an employee’s mom or family, [d] phish, or [e] pay a third party contractor writing code for SolarWinds in a far off land.

The preferred approach of bad actors is usually the easiest, simplest, and most hassle free.

Compromising a careless outfit is easy. Even organizations with buttoned up security are vulnerable.

What’s obvious is that the SolarWinds’ misstep reflects on an organizational approach to operating its business. If the company were a railroad, it is conceivable that the firm would lose freight cars, engines, and the keys to the operations office.

What’s fascinating is that the present and former CEO of SolarWinds threw an intern under the digital bus. Nothing like manning up in my opinion.

Stephen E Arnold, March 4, 2021
