SolarWinds Hack Lessons Learned: Finding the Next Supply Chain Attack

The SolarWinds supply chain compromise won't be the last of its kind. Vendors and enterprises alike must learn and refine their detection efforts to find the next such attack.

Even though investigations and analysis of the recently discovered SolarWinds hack remain ongoing, it is already clear that the scope is extensive, and the full impact will likely prove to be devastating.

To recap, FireEye last month discovered what it described as a "global intrusion campaign" perpetrated via malicious, trojanized updates to SolarWinds' Orion network management software. The latest estimates indicate that the compromised SolarWinds software made its way into approximately 18,000 enterprises, government agencies, and other entities globally.

It is as yet unclear how many of those victims suffered damages as a result.

Vulnerabilities in the software supply chain are not new; according to Imperva, there have been more than 150,000 reported Common Vulnerabilities and Exposures (CVEs) in software applications and libraries since 2000. However, the SolarWinds incident has clearly illustrated that supply chain vulnerabilities represent a significantly greater risk of compromise -- and potential for damage -- than most previously thought.

An even scarier proposition is this: if SolarWinds' flagship product could be compromised and go unnoticed for weeks or months by thousands of enterprises, including some of the world's top cybersecurity firms, how many more software supply chain compromises may already be in the wild right now, just waiting to be discovered?

A supply chain 'kill chain'

Enterprises and vendors alike must account for the risk of supply chain attacks, and adjust both strategically and tactically. Organizations should strive to create a "< ..