Cloud-based storage has been a growing business trend for many years. Instantly accessible online information systems bring a sense of relief to executives eyeing the bottom line. But all it could take to disrupt the enterprise is one suspicious email.
“We've confirmed that a SolarWinds email account was compromised and used to programmatically access accounts of targeted SolarWinds personnel in business and technical roles,” said SolarWinds CEO Sudhakar Ramakrishna. He believes that “the most likely attack vectors came through a compromise of credentials and/or access through a third-party application via an at-the-time zero-day vulnerability.” According to him, the hackers were able to access SolarWinds’ Office 365 programming and then move into the Orion development environment.
Microsoft’s security team was quick to push back against the accusation, reporting that an internal investigation found no evidence of an email software breach from any Microsoft systems. Microsoft points to an ambiguously worded 8-K filing from SolarWinds as the genesis of its involvement in the blame game. Nevertheless, the original hacked email was confirmed to have been housed in Office 365.
The hackers’ modus operandi can be pieced together from their tactics. For cloud-based services, SAML (Security Assertion Markup Language) is the vehicle for identity authentication, and the SAML token is generated as proof of that authentication. Once the hackers got the lay of the land, they manipulated these cloud-based identity tools to create fake IDs. Now operating with a full range of administrative access, they reaped key data for market leverage and monetization.
The SolarWinds hack ended up being a stepping-stone to a larger target: the U.S. government. Microsoft informed senior individuals from the Treasury Department and the National Telecommunications and Information Administration that their emails had been compromised. An encrypted identifier token worked again for the hackers, granting means of entry into critical government databases.
Data breaching is a test of adaptability for both attacker and victim, and that’s why the SolarWinds hack is a bad omen for the future of cloud security. Traders, companies, and even governments now have an incentive to follow NSA directives and practice increased vigilance when considering their email systems and the safety of sensitive information stored on cloud technology.