South African users of the software at the centre of a supply chain hack on US government departments appear to be unaffected by the issue, and most have already applied the fixes that will prevent any potential problems.
That’s the word from Glenn Lazarus, CEO of local SolarWinds distributor ATS Network Management, who tells IT-Online that the company and its customers started work to mitigate any fallout within hours of news of the so-called “Russian hack” breaking on 15 December 2020.
The sophisticated attack was made possible by the Sunburst vulnerability in SolarWinds’ Orion Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run.
As many as 16 000 users around the world use the network monitoring system, with thousands of them in South Africa.
Lazarus explains: “All the blue chip companies in South Africa and Africa use SolarWinds’ Orion platform; it has a very broad user base.”
The hack is believed to have targeted US government departments exclusively, and Lazarus says there is no evidence that other customers have been affected.
Nonetheless, SolarWinds has made fixes and patches available for both Sunburst and the related Supernova malware, which runs on a server that requires unauthorised access to a customer’s network and is designed to appear to be part of a SolarWinds product.
Most South African users have already applied the patches, with others planning to do so as part of their upgrade schedules.
“We don’t believe that any of our customers experienced a breach in terms of Sunburst,” Lazarus stresses.
Customers appreciate the fact that SolarWinds and its partners were upfront about communicating the issues, and quick to develop and roll out fixes, Lazarus adds.
“The top guys in the world were brought in to solve the issues; and at no stage was there any attempt to whitewash it,” he points out. “The vendor has taken the highest regard as to the sensitivity of the issue, and taken steps to keep customers notified. In the local market, we have been in communication with our customers, ensuring they are well aware of what to do, and that we are there to assist them.”
Importantly, the upgrades and fixes have been made available to all Orion platform users, even those without current service agreements, or running out-of-maintenance versions of the software.
Because the Orion platform is key to network and system monitoring, it’s important that it stays up and running 24/7, Lazarus adds. Most customers were able to employ a failover solution to patch the system without any downtime – a crucial consideration especially for banking and retail customers over the December period.
“So they were able to retain high availability with no impact in terms of downtime or data loss, and have complete visibility of their systems with no break.”
The SolarWinds Security Advisory Centre is providing daily information on the situation, with links to new patches and upgrades.
“Our message to customers is that we are here to assist them. If they have any concerns, we are able to pick it up and address it from our side. We’ll bring in the right people if needed, and we have access to the SolarWinds teams in EMEA and the US.
“Fortunately, at ATS, we have a very special relationship with SolarWinds. We have been involved with the company for more than 15 years, so we know how to get hold of the right people because we know them personally. Through our years of experience, we know how to deal with problems and speed up the process.
“South Africa is an important territory for SolarWinds. They regard us as a vital cog in the wheel and they want to make sure our customers and partners are well looked after.
“We have shared all the information on Sunburst and SuperNova with our customers and are ready to give help or additional information where it’s needed.”
Lazarus stresses that the incident wasn’t a hack on SolarWinds, but a well co-ordinated attack on US government departments, which happened to use the Orion platform that served as the route to the victim.