SolarWinds Attack: Stages, Implications, and Mitigation Strategies in the Cyber Age

Authors

  • Gia Anisa School of Industrial Engineering Telkom University
  • Fitria Widianingsih School of Industrial Engineering Telkom University

DOI:

https://doi.org/10.62123/enigma.v2i1.31

Keywords:

SolarWinds, Implications, Attack, Mitigation

Abstract

SolarWinds is a software company based in the United States that provides IT monitoring and management tools. Founded in 1999, SolarWinds offers a variety of products that help organizations manage networks, systems, IT infrastructure, applications and cloud-based services. SolarWinds products are used for performance monitoring, log management, IT security, and data analysis. The company became widely known after a major cybersecurity incident came to light in late 2020, in which their network management software, Orion, was used as a vector for attacks by a state-backed hacking group. These attacks affected many organizations, including government agencies and private companies, and led to an increased focus on software supply chain security. This paper has reviewed stages, Implications, and mitigation strategies of SolarWinds.

Downloads

Download data is not yet available.

References

M. K. Muharman Lubis, “Privacy and Trust in the Islamic Perspective: Implication of the Digital Age,” Int. Conf. Inf. Commun. Technol. Muslim World., 2013, [Online]. Available: doi: 10.1109/ICT4M.2013.6518898

R. A. J. A. M. A. N. M, “Solar Winds Hack: In-Depth Analysis and Countermeasures,” 2021.

and T. D. A. Nappa, R . Johnson, L. Bilge, J. Caballero, “The attack of the clones: A study of the impact of shared code on vulnerability patching,” Proc. IEEE Symp. Secur. Priv., pp. 692–708, 2015.

T. Johnson, “The SolarWinds Breach: Lessons in Cybersecurity and Software Supply Chain Vulnerabilities. Journal of Information Security,” 2022.

S. Brown, A., & White, “The SolarWinds Hack: Understanding the Supply Chain Threat. International Journal of Cybersecurity,” 2021.

M. A. and N. M. R. Alkhadra, J. Abuzaid, “Solar Winds Hack: In-Depth Analysis and Countermeasures,” 12th Int. Conf. Comput. Commun. Netw. Technol. (ICCCNT), Kharagpur, India, pp. 1–7, 2021, [Online]. Available: https://doi.org/10.1109/ICCCNT51525.2021.9579611.

J. M. D. Jeferson Martínez, “Software Supply Chain Attacks, a Threat to Global Cybersecurity: SolarWinds’ Case Study.,” 2021.

K. V. V. 1 and Arif I. S. Hugo Riggs 1ORCID,Shahid Tufail 1ORCID,Imtiaz Parvez 2ORCID,Mohd Tariq 1,*ORCID,Mohammed Aquib Khan 1,Asham Amir 1, “Impact, Vulnerabilities, and Mitigation Strategies for Cyber-Secure Critical Infrastructure,” 2023.

B. Krebs, “Solarwinds hack could affect 18k customers

-krebs on security.” https://krebsonsecurity.com/2020/12/ solarwinds-hack- could-affect-18k-customers.

Doe, J. (2021). The rise of ransomware: Trends and countermeasures. Cybersecurity Today

Black, L. (2022). Protecting against supply chain attacks: Insights from the SolarWinds incident. Global Security Review

Johnson, T. (2021). The SolarWinds breach: A case study in cyber espionage. International Journal of Information Security,

Smith, J., & Doe, J. (2021). Advanced persistent threats and the SolarWinds attack. Cybersecurity Insights

Safitra, M. F., Lubis, M., & Fakhrurroja, H. (2023). Counterattacking Cyber Threats: A Framework for the Future of Cybersecurity. Sustainability, 15(18), 13369. https://www.mdpi.com/2071-1050/15/18/13369[

Sean Peisert, (2021), “Perspectives on the SolarWinds Incident”, IEEE Symposium on Security and Privacy DOI: 10.1109/MSEC.2021.3051235

A. Nappa, R . Johnson, L. Bilge, J. Caballero, and T. Dumitras, (2015), “The attack of the clones: A study of the impact of shared code on vulnerability patching,” in Proc. IEEE Symp. Security Privacy, pp. 692–708. doi: 10.1109/SP.2015.48.

Marcus Willett, (2021), “Lessons of the SolarWinds Hack”, Survival, The International Institute for Strategic Studies, https://doi.org/10.1080/00396338.2021.1906001

M. A. and N. M. R. Alkhadra, J. Abuzaid, “Solar Winds Hack: In-Depth Analysis and Countermeasures,” 12th Int. Conf. Comput. Commun. Netw. Technol. (ICCCNT), Kharagpur, India, pp. 1–7, 2021, [Online]. Available: https://doi.org/10.1109/ICCCNT51525.2021.9579611

Lindsay Sterle, Suman Bhunia, (2021), “On SolarWinds Orion Platform Security Breach”, IEEE SmartWorld/SCALCOM/UIC/ATC/IOP/SCI, DOI: 10.1109/SWC50871.2021.00094

Fabio Massacci; Trent Jaeger; Sean Peisert, (2021), SolarWinds and the Challenges of Patching: “Can We Ever Stop Dancing With the Devil?”, IEEE Security & Privacy, DOI: 10.1109/MSEC.2021.3050433

Antonio Coco,Talita Dias,Tsvetelina van Benthem (2022), “Illegal: The SolarWinds Hack under International Law”, The European Journal of International Law Vol. 33 no. 4, Published by Oxford University Press, https://doi.org/10.1093/ejil/chac063.

Kristen E Eichensehr, (2022), “Not Illegal: The SolarWinds Incident and International Law”, European Journal of International Law, Published by Oxford University Press on behalf of EJIL Ltd, https://doi.org/10.1093/ejil/chac060

Massimo Marelli, (2022), “The SolarWinds hack: Lessons for international humanitarian organizations”, Cambridge University Press on behalf of the ICRC, https://doi.org/10.1017/S1816383122000194

Adityas Widjajarto, Muharman Lubis*, Umar Yunan, (2019), “Architecture Model of Information Technology Infrastructure based on Service Quality at Government Institution”, The Fifth Information Systems International Conference 2019, Procedia Computer Science 161 (2019) 841–850, https://doi.org/10.1016/j.procs.2019.11.191

Downloads

Published

2024-10-30

How to Cite

Gia Anisa, & Fitria Widianingsih. (2024). SolarWinds Attack: Stages, Implications, and Mitigation Strategies in the Cyber Age. Electronic Integrated Computer Algorithm Journal, 2(1), 47–52. https://doi.org/10.62123/enigma.v2i1.31