Austin News

The SolarWinds hack last week on the supply chain allegedly was an attack by Russian operatives that leveraged the system’s own best practices, according to a local IT expert.

“SolarWinds is a tool very commonly in use and because it was exploited in a way that was very difficult to detect, it automatically spread and those organizations or agencies that were updating their tools were in effect making their systems more vulnerable in the process of doing the right thing,” Digitactics President Matt Beebe said.

Digitactics focuses on delivering IT and computer security solutions while SolarWinds software is an Austin-based vendor. 

SolarWinds provides network management and monitoring to thousands of organizations internationally as well as Fortune 500 companies and federal agencies, such as the Treasury Department and Commerce Department, according to KXAN. FireEye is among the Fortune 500 companies compromised.

“Their tool-set has been proven to be very useful for a lot of network operations and management work centers and so it’s widely used,” Beebe told Austin News. “What happened was their supply chain was infiltrated and malware was inserted into one of the libraries their software uses then it was distributed in an update around about the March timeframe, which made users of that system vulnerable.” 

SolarWinds publicized a letter to customers announcing the breach and suggested they install Orion platform version 2020.2.1 HF1

“We have been advised this attack was likely conducted by an outside nation-state and intended to be a narrow, extremely targeted and manually executed incident as opposed to a broad system-wide attack,” the letter states.

Russia is the suspected culprit because FireEye’s network was also compromised by foreign operatives and hacking tools were allegedly stolen, according to KXAN.

Beebe, who is based in San Antonio, sees the hack as a supply chain problem.

“What I suspect we will see in the future is greater attacks on smaller players but smaller players that are broader, so all vendors need to be more serious about hardening their supply chain when it comes to software in widespread use,” he said.

Although an average American may not experience the impact of the breach, Beebe said industries could be affected globally.

“From a commercial company standpoint, it's not entirely clear at this point in time how broad as far as which industries and which verticals it impacts,” he said. “It does appear to be more of an economic, national security type target audience.”