Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security Privacy

SolarWinds Hides List of High-Profile Customers After Devastating Hack (theverge.com) 58

SolarWinds has removed a list of high-profile clients from its website in the wake of a massive breach, "suggesting the company may be trying to obscure its clients in an effort to protect them from bad publicity," reports The Verge. From the report: The list of vulnerable companies is much smaller than SolarWinds' overall client list, so simply appearing on the list doesn't mean a company has been affected. SolarWinds claims that only 33,000 companies use the Orion product, compared to its total client base of 330,000. Out of that 33,000, the company estimates that fewer than 18,000 were directly impacted by a malicious update, and the list of directly targeted companies is likely even smaller. Still, there is much about the attack that remains unknown, and it is possible that additional compromises have yet to be discovered.

SolarWinds' overall client list includes a broad range of sensitive organizations. Before its removal, the page boasted a broad range of clients, including more than 425 of the companies listed on the Fortune 500 as well as the top 10 telecom operators in the United States. In an article on Monday, The New York Times cited a number of organizations as vulnerable that are not cited on the public client page, including Boeing and Los Alamos National Laboratory. Other organizations have been cagey about their own exposure, even within the federal government. Several news outlets have reported that the breach affected the Department of Homeland Security, but the department has not made any official statement regarding its exposure.

This discussion has been archived. No new comments can be posted.

SolarWinds Hides List of High-Profile Customers After Devastating Hack

Comments Filter:
  • Wayback Engine (Score:5, Interesting)

    by Canberra1 ( 3475749 ) on Wednesday December 16, 2020 @04:54AM (#60836586)
    All your pages are cached. You are not fooling anyone competent. OK, maybe your clients are morons. Where is the 'Change all your passwords' alert, and the expense of hot-site recovery, where those systems have to be rebuilt again. It remains to be seen if by taking over the C&C address, if there are not delayed alternative locations. Compromised clients should also expect the bad guys have the LOG's and the IP addresses- over several months, - a goldmine pointing to firewall exceptions, and mutual trust relationships. The weakest link is what it is.
  • No punishment (Score:4, Insightful)

    by AndyKron ( 937105 ) on Wednesday December 16, 2020 @05:30AM (#60836648)
    Nobody's getting in trouble for this, right?
    • They might talk big about investigating Hunter and the Biden Crime Family, but no, no one is getting in actual trouble.

      Realistically, at my company, I can see the poor tech who actually installed the malicious SolarWinds update being fired; but they guys that recommended SolarWinds, performed the due diligence, and signed the contract, they'll be fine.

    • The BBC are reporting: [bbc.co.uk]

      "We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack..." SolarWinds said in a statement on its website.

      But The Register reports [theregister.com]:

      "their update server was accessible with the password 'solarwinds123' which is leaking in the public Github repo."

      CEOs claiming their company was compromised by a sophisticated, nation state actor really mean "we hire cheap, rankly incompetent people and let the marketing department create an illusion of invulnerability."

  • Only the high profile folks get hidden?

    So, again, money talks and bullshit walks.

    • by raymorris ( 2726007 ) on Wednesday December 16, 2020 @05:47AM (#60836692) Journal

      Their marketing never did list all 300,000 of their customers.
      That would be one hell of a web page!

      Their page listed "impressive" clients, because potential buyers would think "if it's good enough for DoD and Coca-Cola, it's good enough for my company!

      Kinda like when I interviewed my current job and the boss asked me for examples of networks I've worked on, I mentioned Rackspace and AT&T, not DawnHuntsMysteryShopping.com.

  • by Anonymous Coward on Wednesday December 16, 2020 @05:47AM (#60836690)
    Kevin B. Thompson is our President and Chief Executive Officer. He has served as our President since January 2009 and our Chief Executive Officer since March 2010. He previously served as our Chief Financial Officer and Treasurer from July 2006 to March 2010 and our Chief Operating Officer from July 2007 to March 2010. Prior to joining the Company, Mr. Thompson was Chief Financial Officer of Surgient, Inc., a privately held software company, from November 2005 until March 2006 and was Senior Vice President and Chief Financial Officer at SAS Institute, a privately held business intelligence software company, from August 2004 until November 2005. From October 2000 until August 2004, Mr. Thompson served as Executive Vice President and Chief Financial Officer of Red Hat, Inc. (NYSE: RHT), an enterprise software company. Mr. Thompson holds a B.B.A. from the University of Oklahoma. Mr. Thompson has served on the board of directors of BlackLine, Inc. (Nasdaq: BL) since September 2017. He previously served on the board of directors of Instructure, Inc. (NYSE: INST) prior to its take private transaction, the board of directors of NetSuite, Inc. (NYSE: N) prior to its acquisition by Oracle Corporation and the board of directors of Barracuda Networks, Inc. (NYSE: CUDA). https://investors.solarwinds.c... [solarwinds.com]
  • I've tried Solar Winds back in the day, probably more than 25 years ago. It was OK I guess, nothing exciting though, maybe a bit slow. Back then it was just a registration fee you paid to get more than the shareware episode, did not realise they later did corporate licenses...

    • Comment removed based on user account deletion
    • One of my clients uses it, and so I had to as well. It wasn't a career highlight.

      My appraisal of it is that it's just like Adobe, SAP and Salesforce - it's got an impressive feature list, but it's a hellish product to use. I think the networks folks liked it because it's good at discovery - it can ferret out your Cisco network devices and breaks them down per-port and whatnot. You get nice pictures and graphs, so it looks good when the boss is looking over your shoulder. In my experience, most network folks

  • Let this be a lesson. If so many high profile companies and government entities depend so highly on another single company then regular security audits need to be performed. This creates a single point of failure that is just begging for bad actors to attack.
  • NPR just mentioned there were some selling going on prior to the announcement. Imagine that!
  • by RitchCraft ( 6454710 ) on Wednesday December 16, 2020 @08:30AM (#60836964)
    This, according to CNN, lol: A third reason for concern is the unusual and creative way the attackers carried out their operation: By disguising the initial attack within legitimate software updates issued by SolarWinds. "SolarWinds is one of the most widely used and effective tools for network monitoring, including across federal networks and major corporations," said Jamie Barnett, a retired Navy rear admiral and senior vice president at the cybersecurity firm RigNet. "It takes a state-level cyberattack to get into the SolarWinds updates and patches."
  • Or are we just hearing the usual Russia! Russia! Russia! leftist hysteria?

  • byebye solarwind monitoring , hello opensource monitoring

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...