SolarWinds
Owners:
Thoma Bravo
Silver Lake
In terms of the number of monitoring solutions and ease of use, users prefer SolarWinds. In addition to the main capabilities of modern monitoring systems, SolarWinds provides a wide range of solutions, including: VMware and Hyper-V monitoring, server health from HP, Dell, IBM System x, integration with Microsoft Active Directory, detailed SQL monitoring, expert templates for monitoring systems. SolarWinds solutions include a "smart" alert service based on parent and child dependencies, monitoring SaaS and internal applications written with JSON, analyzing databases for DB2, Sybase, analyzing firewall operation, changing its settings and automatically backing them up, security auditing, and Patch Manager, which provides patch management.
SolarWinds develops products and solutions that may interest not only large enterprises but also medium and small businesses. The company's portfolio contains 28 separate products, which makes it possible to select the necessary monitoring kit individually for each type of architecture. SolarWinds has a strong polling engine that supports monitoring of up to 12 thousand elements, while its competitors handle only 3 thousand. Another advantage is easy installation and automatic discovery of network devices, which does not require the intervention of specialists[1][2].
In addition, SolarWinds supports and automates the process of monitoring multicast routing. In manual mode, such a process requires serious knowledge of scripts. A number of experts also note the more thoughtful SolarWinds interface. Thus, SolarWinds allows you to conduct convenient and effective monitoring of your network infrastructure, automating all processes, which makes its solutions more accessible to various enterprises and organizations.
As of October 2015, the distributor of SolarWinds in Russia and the CIS countries is Axoft, which offers partners the full range of vendor solutions. SolarWinds has over 90 thousand customers in more than 170 countries.
History
2022: Payment of $26 million for hacking its software, which affected government agencies around the world
On November 7, 2022, SolarWinds, without admitting any wrongdoing on its part, agreed to a multimillion-dollar settlement with shareholders in a lawsuit filed after the infamous cyber espionage campaign that became known in December 2020.
The cyberattack, dubbed "SolarWinds attack" or "SolarWinds incident," sparked a shareholder lawsuit in January 2021 alleging the company misled them and lied about its security practices, including using a weak password like solarwinds123 to protect the server.
Shareholders in the class action named the company, its CEO Kevin Thompson and chief financial officer Barton Kalsu as defendants. According to the SolarWinds 8-K report filed with the US Securities and Exchange Commission (SEC), the company agreed to a payment of $26 million to its shareholders who purchased SolarWinds shares on the open market between February 24, 2020 and December 15, 2020.
SolarWinds also said it expects enforcement action from the SEC, such as a regulatory penalty. The settlement is awaiting approval by a judge. After approval, in addition to $26 million, the payment will also cover the legal costs of the plaintiffs' lawyer and the costs of administering the settlement.
"The proposed settlement resolves all claims made against the company and other named defendants in connection with class action litigation and will contain provisions that the settlement does not constitute an admission, assignment or determination of any guilt, liability or wrongdoing of any kind by the company or any defendant," SolarWinds said in a statement.
In response to the upcoming SEC action, SolarWinds said it believes its disclosures, public statements, controls and procedures were appropriate and intends to submit a response to the SEC staff's position.[3]
2021
US intelligence accuses Russia of cyber attack on SolarWinds
US Intelligence Community experts indicated in their annual report[4] that Russia was involved in the introduction of malicious code into the SolarWinds software update in order to strengthen a large-scale espionage operation that affected about 18 thousand customers around the world, including networks of government and commercial organizations in the United States[5].
The document pays special attention to four countries: China, Russia, Iran and North Korea. China's actions are described as "claims to world domination" and the other three countries as "provocative actions." Experts believe that Iran is also becoming "increasingly active in using cyberspace to conduct influence operations." Iran's operations were intended to undermine Trump's re-election bid and his confidence in the election process. Last year, Iranian hackers tried to influence the US presidential election by sending letters threatening voters.
Using a password that is too simple on one of the servers
One of the SolarWinds servers was secured using the solarwinds123 password set by the trainee. This became known on March 1, 2021.
Some believe that the attack on SolarWinds is a story about Russian or Chinese hackers, but in essence it is a story about a huge security hole that widens as details about the attack emerge. And now a scapegoat has been found in this story: an inexperienced trainee who used an unreliable password.
Appearing before the U.S. House Oversight Committee and Homeland Security Committee, former SolarWinds chief Kevin Thompson revealed that one of the company's servers was secured with a solarwinds123 password. Such an unreliable password was set by an intern who violated the company's password policies. What's more, he posted the password to his private GitHub account. Upon learning of this, the SolarWinds security team blocked the password the same hour, Thompson said.
Security researcher Vinoth Kumar said in December 2020 that back in 2019 he had warned SolarWinds that anyone could access its update server, since it was protected with the solarwinds123 password. The password has been available since at least June 2018, according to the researcher. However, according to SolarWinds CEO Sudhakar Ramakrishna, the solarwinds123 password was used on one of the trainee's servers back in 2017.
Based on the correspondence between Kumar and representatives of SolarWinds, the researcher was able to use the leaked password to access the server and add files. Kumar warned the company that cybercriminals could do the same to upload malware.
However, it is worth noting that as of March 2021, it is not known whether the aforementioned password was used in the attack on SolarWinds, called the largest foreign invasion in US history. As of March 2021, the investigation into the campaign is underway, and what data the intruders could have stolen remains to be seen[6].
Microsoft openly accused the Russian Federation of attacks on US federal departments
On February 24, 2021, Microsoft stated that it had "solid evidence" of Russia's involvement in the sensational wave of cyber attacks on at least nine US federal departments and dozens of private companies. As Microsoft President Brad Smith noted, speaking before the US Senate Intelligence Committee, the government will probably need time to formally reach the same conclusion.
Hacking of NASA and Federal Aviation Administration systems through SolarWinds software
On February 23, 2021, it became known that, as part of a large-scale espionage campaign aimed at US government agencies and private companies, hackers broke into the networks of the National Aeronautics and Space Administration (NASA) and the US Federal Aviation Administration (FAA).
NASA and the FAA are the two previously unnamed agencies among the nine government agencies confirmed to have been affected by the hacker attack, according to the Washington Post. The other seven include the departments of Commerce, Energy, Homeland Security, Justice, State and Treasury and the National Institutes of Health, though the attackers are not believed to have broken into their classified networks. FireEye, Microsoft and Malwarebytes were among a number of cybersecurity companies also hacked in the attacks.
The attacks were discovered in 2020, when FireEye sounded the alarm about a hacking campaign after its own network was breached. Each victim was a client of US software company SolarWinds, whose network management tools are used by the federal government and Fortune 500 companies. The hackers broke into the SolarWinds network, embedded a backdoor in its software and spread the backdoor to client networks through an infected software update.
Experts argue that this was not the only way to get inside. It is alleged that the hackers intended to attack other companies by breaking into other devices and applications on the networks of their victims, and to use Microsoft suppliers to break into the networks of other customers.
FireEye President Kevin Mandia fears that such a hacker attack could happen again. At the same time, in his opinion, it is not possible to completely close all loopholes into the networks of companies; it is only possible to eliminate previously discovered vulnerabilities in their information security systems.[7]
SolarWinds cyber attack is the largest in history - Microsoft
In mid-February 2021, Microsoft called the cyber attack carried out through SolarWinds software the largest in history. According to Brad Smith, president of the software corporation, the hacking campaign, in which the American technology firm was used as a bridgehead for breaking into many US government agencies, became "the largest and most difficult attack that the world has ever seen."
Hackers hacked SolarWinds' Orion software in March 2020 and injected the virus into the update. Given that Orion software was used by thousands of SolarWinds customers, including US government agencies and more than 400 major US companies, the scale of the attack was enormous. Cybersecurity experts said it could take many months to identify compromised systems and fix the damage caused.
"I think it's fair to say about software development technologies - it's the biggest and most sophisticated attack the world has ever seen," Smith said during an interview that aired Sunday on CBS's "60 Minutes."
According to Smith, this attack required serious resources and preparation. The attack could affect up to 18,000 SolarWinds clients using Orion software, and it was impossible for several lone hackers to organize it.
"When we analyzed all the data found, we wondered how many engineers were probably working to organize these attacks. We concluded that there were at least 1,000 of them," Smith claims.
Experts suggest that the cyber attack was carried out not so much to cause damage as to gather intelligence. US President Joe Biden instructed the country's special services to conduct a "full assessment" of this cyber attack.[8]
2020: Cyber attack on US Treasury via SolarWinds software hack
On December 13, 2020, cyber attacks on the US Treasury Department and the National Telecommunications and Information Administration (NTIA) became known. The Washington Post writes that the hackers managed to break into the systems through updates from the IT company SolarWinds, a software supplier to the United States Government.
2015: SolarWinds sold to investment funds for $4.5 billion
On October 21, 2015, the sale of SolarWinds to private equity firms Silver Lake Partners and Thoma Bravo was announced. The deal is valued at $4.5 billion.
Under the terms of the agreement, Silver Lake and Thoma Bravo will pay SolarWinds shareholders $60.1 per security they own, which is 44% more than the stock price as of October 8, 2015 - the day before rumors appeared in the media about the impending privatization of the manufacturer of software for managing corporate network infrastructure.
On the day of the announcement of the sale of SolarWinds, the company's shares rose in price by 16%, reaching $58.31. This rise in vendor quotes within one day turned out to be the strongest since July 2012, the Bloomberg news agency notes.
According to the agency's sources, to finance the purchase of SolarWinds, investors will attract loans ranging from $1.4 billion to $1.5 billion and sell bonds worth $600-700 million.
By October 21, 2015, the sale of SolarWinds to investment funds was approved by the company's boards of directors. The transaction is subject to review by shareholders and regulators and is expected to close in the first quarter of 2016. SolarWinds is advised by JPMorgan Chase & Co.
According to FBR Capital analyst Dan Ives, the purchase of SolarWinds by financial companies is the most logical way to develop this software manufacturer, since there are no other strategic buyers of its business.
Bloomberg Intelligence analyst Mandeep Singh says SolarWinds has faced growing competition in the market, and revenue from cloud product subscription sales does not offset the slowdown in revenue from traditional software licenses.[9]
Notes
- ↑ [http://www.cnews.ru/reviews/index.shtml?2014/10/29/589214 of SolarWinds
- ↑ to help manage the network infrastructure]
- ↑ Security company SolarWinds will pay $26 million for hacking of its software because of which state institutions around the world suffered
- ↑ [https://www.dni.gov/files/ODNI/documents/assessments/ATA-2021-Unclassified-Report.pdf The 2021 Annual Threat Assessment]
- ↑ US intelligence accused Russia of a cyber attack on SolarWinds
- ↑ "Scapegoat" in the SolarWinds hack was an intern
- ↑ SolarWinds hackers targeted NASA, Federal Aviation Administration networks
- ↑ SolarWinds hack was 'largest and most sophisticated attack' ever: Microsoft president
- ↑ SolarWinds to Be Bought in $4.5 Billion Private-Equity Deal