With the disclosure from Malwarebytes, more and more major security vendors are shown to be at risk. While not directly related to the SolarWinds supply chain attack, the hack was carried out by the same group that hit SolarWinds. Solorigate has exposed how complacent companies have become about actively reviewing their networks. It isn’t enough to just buy Azure P2 and put on a couple of Conditional Access Policies. IT Admins need to actively audit and monitor the network for anomalies.
Attackers will generally look for the easiest way into a network. Usually that means high-privilege user accounts without basic protections like MFA. With Solorigate, however, we see some of the more complex methods that are actively being exploited, including privilege escalation through Azure service principals and compromised on-premises servers.
Solorigate also shows that attacks do not happen in 5 minutes like in the movies. The malicious code in the SolarWinds Orion platform was inserted months before it was detected. The Malwarebytes hack was detected by Microsoft in response to Solorigate. While the scope of that hack appears to be limited, information was still leaked, likely for months.
All of this shows that IT Admins still need to monitor their networks in addition to running their preferred security toolset. No amount of spend is going to fix a culture where security is not prioritized. Where security is lacking, attackers will find the holes. Even if they need to be patient, they will find them. Once found, your data is an open book for these attackers to pick through. Data is the currency of the digital age. Don’t let yours slip away by not reviewing your network.