• The Four Hundred
  • SolarWinds Hack Raises Concern for IBM i Shops

    January 27, 2021 Alex Woodie

    The recently disclosed hack of the SolarWinds log management software enabled bad actors to gain access to the protected networks of numerous government agencies and private companies. It is also impacting an untold number of IBM i shops, which use SolarWinds software in not-insignificant numbers.

    In early December, Reuters broke the story of a massive and sophisticated breach of federal government computer systems that started in March 2020. According to the stories, state-backed cybercriminals exploited security flaws in at least three software vendors, including SolarWinds, Microsoft Azure, and VMware, to access private information in the target systems, and even to embed malware in product updates downloaded over the Internet.

    The bad actors conducted what’s been called a “supply chain” attack, in which exploits in one system enable attackers to infiltrate other downstream systems. Specifically, security flaws in Microsoft and VMware products allowed the attackers to access emails and other cloud-based documents stored in Office 365, which in turn enabled them to utilize federated authentication and single sign-on setups to breach more systems.

    It is believed that the attackers utilized compromised Office 365 credentials to hack an FTP site used by developers to build the SolarWinds Orion software product. The attackers then utilized this access to insert malware, called Sunburst, directly into the SolarWinds Orion product updates, thereby turning the network management product into a Trojan horse. The attackers also inserted a malicious program designed to look like the SolarWinds software, called Supernova, which was intended to give the attackers a backdoor to the networks of SolarWinds’ customers.

    SolarWinds issued a security advisory on December 31 in which it strongly encourages customers to update their Orion software to a new release that does not contain the malware. The company listed nearly 20 Orion components that were affected by the hack. This includes the Server & Application Monitor (SAM) component, which some organizations use to track IBM i server and network metrics via SNMP traps. The Network Performance Monitor (NPM) component of Orion, which also supports IBM i, is impacted as well, SolarWinds says.

    The 80 or so Orion components that SolarWinds says are not impacted by the hack include Security Event Manager (SEM), which is widely used to track and correlate security data and is also known to be used by IBM i shops.

    The Department of Homeland Security issued an advisory calling on all organizations to disconnect or power down SolarWinds Orion products, versions 2019.4 through 2020.2.1 HF1, to block all network traffic to and from hosts, and to eliminate all accounts that are being used by the bad actors.

    Only after all vulnerabilities have been removed should users update the Orion software and begin rebuilding the systems. “Treat all hosts monitored by the SolarWinds Orion monitoring software as compromised by threat actors and assume that further persistence mechanisms have been deployed,” the DHS says.

    It’s unclear to what extent compromised SolarWinds software impacts IBM i shops and their IBM i systems. What is known is that SolarWinds’ software is widely used across many industries, and its Orion products are installed in, and actively used by, many IBM i shops.

    According to Precisely’s 2019 security survey, SolarWinds was tied as the second-most popular Security Information and Event Management (SIEM) software among IBM i shops, behind Splunk. It’s unclear how many of these IBM i shops also use SolarWinds Orion software for server or network management, but it is likely that a substantial number of them have standardized on SolarWinds, which claims to have more than 300,000 customers and revenues approaching $1 billion.

    HelpSystems President Jim Cassens said he expects some IBM i shops to move on from SolarWinds as a result of the hack. “I’m sure there are customers who will look at that and say, wow, I don’t feel good about SolarWinds implementation and we’ll look for something else,” he says.

    However, Cassens says HelpSystems won’t use the SolarWinds hack as a way to convince its customers to use HelpSystems’ own SIEM, which the company announced a few years ago and continues to develop and maintain.

    “It always bothers me if you’re trying to take advantage of a situation like that,” he says. “Win on your merits, not necessarily the bad fortune” of a competitor.

    We’re continuing to research the SolarWinds hack and will update you as new information becomes available.


TFH Volume: 31 Issue: 7


Copyright © 2022 IT Jungle
