The SolarWinds attack, which infiltrated over 100 high-profile organizations, demonstrated how even the most trusted software can be compromised by sophisticated hackers. Although the attack targeted large organizations, the methods used carry critical warnings for small and midsize businesses (SMBs). In this article, we’ll explain how the SolarWinds attack occurred and what steps value-added resellers (VARs) can take to help SMBs defend against similar threats.
What is a Supply Chain Attack?
The SolarWinds hack is a prime example of a supply chain attack, where nation-state hackers penetrate a target through a trusted third-party vendor. In this case, Russian state-sponsored hackers, known as Hafnium, exploited vulnerabilities in SolarWinds’ software update to infiltrate the networks of government agencies and major corporations. The attackers inserted malware into the SolarWinds product, which was then distributed through a trusted software update, giving the hackers access to sensitive data and communications.
The Scope of the SolarWinds Attack
SolarWinds’ software, widely used to manage networks across government agencies, Fortune 500 companies, and nonprofits, became a Trojan horse for hackers. By compromising the software’s update, Hafnium gained access to about 100 high-value U.S. targets, including:
- U.S. Government: Departments of Commerce, Defense, Energy, Homeland Security, Justice, and more.
- Technology Companies: Microsoft, Intel, Cisco, Nvidia, VMware, and others.
- Consulting Firms: Deloitte.
- Telecommunications: Comcast, AT&T, and Cox Communications.
The primary objective of the attackers was espionage, gaining access to sensitive emails and data. From their foothold, the hackers could move laterally within the compromised networks, exfiltrating files and evading detection.
Why SMBs Are Vulnerable to Supply Chain Attacks
Although the SolarWinds attack targeted large organizations, SMBs are just as vulnerable, if not more so, to similar tactics. Here’s why:
-
Weaker Cybersecurity Defenses: Many SMBs lack the sophisticated cybersecurity infrastructure that larger enterprises have. This makes them prime targets for supply chain attacks.
-
Lack of IT Resources: Smaller businesses often rely on external vendors or limited IT resources, which can make it difficult to detect and respond to advanced threats like those used in the SolarWinds attack.
-
Trust-Based Security: SMBs often trust third-party vendors without verifying their security. The SolarWinds hack exploited this trust, and smaller businesses are just as susceptible to these kinds of attacks.
-
Lower Costs for Hackers: Hackers can realize a high return on investment (ROI) when targeting SMBs through supply chain attacks, as these businesses often have fewer security controls in place.
Three Steps VARs Can Take to Protect SMBs from Supply Chain Attacks
1. Recognize Trust Model Vulnerabilities
The first step is to educate your SMB customers about the risks of traditional trust-based security models. Use the SolarWinds example to demonstrate how even the most secure networks can be compromised by trusted software. Help your customers understand that no vendor or third-party connection is beyond scrutiny.
2. Adopt a Zero Trust Strategy
Introduced by Forrester Research over a decade ago, the Zero Trust strategy eliminates the assumption of trust in network security. Under Zero Trust, every application and user is given the minimum level of access needed to perform their tasks. This approach reduces the risk of a supply chain attack, as no application or user is granted unlimited access to the IT infrastructure. Encourage your SMB customers to implement a Zero Trust architecture to strengthen their defenses.
3. Always Verify
The saying “trust but verify” is especially relevant in today’s cybersecurity environment. Advancements in machine learning make it easier to detect unusual behavior from users or applications, signaling a potential breach. Suggest that your SMB customers use anomaly detection tools to continuously monitor for suspicious activity. These tools can add a vital layer of protection to their infrastructure.
Defending Against Sophisticated Con Artists
Supply chain hacks like the SolarWinds attack are executed by sophisticated cybercriminals who exploit trusted relationships. The IT community, including VARs, must remain vigilant in recognizing and defending against these tactics. SMBs are particularly at risk due to their reliance on trusted third-party vendors and limited security resources.
The SolarWinds hack serves as a wake-up call for businesses of all sizes, including SMBs. VARs can play a critical role in helping their customers improve their security posture by moving from traditional trust-based models to Zero Trust strategies that are better equipped to withstand supply chain attacks.
For more information on how to secure your organization, contact us today!