Solarwinds grapples with fallout from breach
Austin-based software maker Solarwinds — along with the cybersecurity industry at large — continues to grapple with how to move forward from the massive cyber breach last year that allowed hackers access to multiple federal agencies and more than 100 private-sector companies.
Solarwinds is facing a week of reckoning, as the company issued its quarterly earnings Thursday — in the same week that it faced congressional hearings on the breach.
While Solarwinds was the first known supply chain victim from the attack, other technology companies, including Microsoft, were also exploited by hackers who took advantage of the companies’ large customer bases and leveraged software programs during the breach.
Since the start of the year, Solarwinds has debuted a new CEO as it continues its investigation into the breach and works to ramp up its own security. The company, which makes network and IT management software, was founded in 1999 in Tulsa before moving to Austin in 2006.
In December, media outlets began reporting that a sophisticated hacking group backed by a foreign government might have stolen information from U.S. government agencies, including email traffic.
Details have since emerged to reveal the breach, which was likely Russian in origin, was potentially undetected for months.
Dan Ives, an analyst with Wedbush Securities, said there are still more questions than answers related to the hack, and said Solarwinds now has to work to make sure this is a “dark chapter in its history” and not what defines the company going forward.
“It’s been a living nightmare for the industry, and Solarwinds has been front and center,” Ives said. “No company in their wildest nightmares wants to be the center of a congressional investigation that spawned a massive fear around threats.”
Ives said the company was caught in the middle of cyber warfare that will continue to scale up as more data goes into the cloud and bad actors and nation-states continue attacking enterprises.
Last week, the White House said it would take several more months to investigate the extensive hack. The breach, which the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency has called a grave risk to government and private networks, has been difficult to detect and undo, according to security experts.
Executives from Solarwinds, Microsoft and cybersecurity firms Fireeye and Crowdstrike testified Tuesday about the attack before the U.S. Senate’s Select Committee on Intelligence. The companies are also expected to testify Friday before the House Oversight and Homeland Security Committees.
“We are committed to not only leading the way, with respect to secure software development but to sharing our learnings with the industry,” Solarwinds CEO Sudhakar Ramakrishna said at the Senate hearing. “While numerous experts have commented on the difficulties that these nation-state operations present to any company, we are embracing our responsibility to being an active participant in helping prevent these types of attacks.”
In January, Ramakrishna took over as CEO in a move that had been announced just days before the cyberattack discovery. Ramakrishna replaced former president and CEO Kevin Thompson.
Company leaders said Tuesday they still do not know the true scope or scale of the breaches. Solarwinds and other technology leaders are calling for more transparency and tools in the nation’s fight against cyber espionage.
Microsoft president Brad Smith said the hack was the work of at least 1,000 “very skilled, very capable” technology experts. The hearing also revealed that Amazon Web Services infrastructure was used in the attack. AWS declined to attend the hearing, and while there is no indication that the cloud computing systems were directly breached, researchers speculate the data centers were used to launch a key part of the attack.
Solarwinds said the breach is believed to be the result of hackers making their way into a number of systems by tampering with an update server on the company’s network management system. Once in, the hackers were able to gain remote access and insert malicious code that hitched a ride into other systems on a Solarwinds software update.
The company said the hackers used a “highly sophisticated and novel code” that was designed to inject malicious code into the system without detection by the company. The hackers also used multiple U.S.-based servers to mimic legitimate network traffic and avoid detection from affected companies and the government.
Solarwinds said as many as 18,000 of its more than 30,000 customers might have been running software that contained a vulnerability hackers used to penetrate networks. In a Thursday conference call with investors, Ramakrishna said the number of these companies actually compromised is likely “substantially fewer” but did not give a specific number.
Microsoft additionally has notified about 60 of its customers that were likely compromised in the breach. The hackers used the company’s Azure cloud service, and its Office 365 products contained email messages and documents targeted in the attack.
Ives said the industry as a whole is attempting to learn from its mistakes, and Solarwinds appears to be trying to be a part of the solution.
“The company is not going to hide, and now they need to plow forward and handhold investors, customers and partners through this Category 5 storm,” Ives said.
Solarwinds stock has taken a hit in recent months, dropping about 30 percent in the past three months, but Thursday the company reported better-than-expected earnings results for the fourth quarter. The company had $265.5 million in revenue, a 6 percent year-over-year increase.
“We’ve added a level of security and review through tools, processes, automation and where necessary, manual checks around our product development processes that we believe goes well beyond industry norms to ensure the integrity and security of all of our products,” Ramakrishna said Thursday.
He said the company believes there are no further risks in using the company’s products, and the company also has a committee overseeing the response to cyber incidents and improvement initiatives.
“The sophisticated cyberattack on us and our customers at the end of the fourth quarter has taught us a great deal about the resiliency of our business, the commitment of our employees, and the support we can expect from our customers and partners,” Ramakrishna said.
Solarwinds also said it expects headwinds in the coming quarters due to both the breach and the pandemic, but is confident demand will remain. Ramakrishna said most customers are still choosing to renew products. Solarwinds also said it expects legal and professional services costs related to the breach to occur.
Ives predicted that findings on the breach will continue to come out in the coming months and years. Ives said Solarwinds, in addition to Fireeye, Microsoft and other companies, will be crucial to ensuring something of this scale does not happen again. He also predicted the industry at large will drastically increase cybersecurity spending.
“For Solarwinds they can use this nightmarish challenge as an opportunity,” he said. “It’s definitely going to be a long road ahead. But the company’s back has been against the wall before.”