Cyber Attack Due To Supply Chain Management
Catalog
Solar Winds Cyber Attack
(1) Introduction.
(2) Details of the incident.
A) Chronological overview of the cybersecurity breach.
B) Explain what occurred.
C) Type of cybersecurity incident.
D) What data was stolen.
E) Organization’s response.
(3) Impact(s) on the organization (~500 words)
a) Provide details of how the responsibilities were divided, concerning supply chain management in the incident.
b) Provide a summary of how the cybersecurity breach affected the organization (e.g., financial
(4) Conclusion.
(5) References
Cyber Attack initiated through a third (3rd) party supplier
E) Organization’s response.
In December 2020, Microsoft detected some anomalies in its system response. After an initial investigation, they found the compromised accounts and the data breach. All the compromised accounts had something in common: they showed the same attack signature. The digital forensics teams found that this attack came from Orion, a software product of SolarWinds, as these accounts were associated with Orion as third-party software in the supply chain. SolarWinds was informed of this attack, which used their product as the main carrier to penetrate other valuable targets.
SolarWinds responded to this attack swiftly and appropriately. They started their response by clearing the malicious software from their infected systems within a few days of notification. They cleared the infection by disconnecting, patching, or applying mitigation scripts to their infrastructure. The remediation steps taken by all the regulated companies to mitigate and clear the risks associated with the SolarWinds attack included,
There are many more general frameworks, such as ISO 9001, the Capability Maturity Model (CMM), SOC 2, Common Criteria, etc. These compliance frameworks are based on well-researched and well-assessed best practices.
In the case of SolarWinds, of course, they were not well prepared for this kind of security incident. After this incident, they admitted that their systems weren’t able to catch the malware and malicious events
(4) Conclusion.
According to SolarWinds, the malware insertion into its software product Orion was performed by a foreign nation, Russia. A state-sponsored campaign was launched against IT companies in America, and these state-sponsored hackers were suspected to be responsible for this incident.
This attack demonstrates the international impact of such incidents: an attack on just one company can initiate a chain of events and aftermaths that can lead to serious data breaches. When the targeted company has access to other companies’ data, especially when it is a trusted third-party supplier, the results can be catastrophic. In the SolarWinds case, the involvement of nation-state hackers means that vast expertise and funding were also involved, and this combination led to the compromise of substantial amounts of data from some of the most important organizations and departments throughout the world.
After investigation, U.S. officials stated that the SVR or Cozy Bear, these two groups, are responsible for this incident.
After this incident, supply chain management received close attention in every organization.
Supply chain management is very important in the present cyber security landscape. Things are evolving, and adversaries are trying hard to find new ways to compromise a system.
The National Cyber Security Center provides guidance on supply chain security management.