
By Byron V. Acohido
SolarWinds and Mimecast are long-established, well-respected B2B suppliers of essential business software embedded far and wide in company networks.
Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map.
Remember how the WannaCry and NotPetya worms signaled the trajectory of ransomware, which has since become an enduring, continually advancing operational hazard?
Similarly, the SolarWinds and Mimecast hacks are precursors of increasingly clever and deeply damaging hacks of the global supply chain sure to come.
Supplier trojans
Quick recap: SolarWinds supplies the Orion platform to some 33,000 enterprises that use it to monitor and manage their entire IT stack. On Dec. 8, security vendor FireEye reported that it had been compromised by a state-sponsored adversary; then on Dec. 13, FireEye and Microsoft published a technical report disclosing how the adversary got in: via trojan malware, dubbed Sunburst, carried in an Orion software update sent to FireEye.
SolarWinds subsequently disclosed to the SEC that threat actors inserted Sunburst into the Orion updates issued to customers between March and June 2020. The threat actors, it was noted, were careful not to tamper with Orion’s source code.