HOME

TheInfoList



OR:

SolarWinds Corporation is an American company that develops software for businesses to help manage their
networks Network, networking and networked may refer to: Science and technology * Network theory, the study of graphs as a representation of relations between discrete objects * Network science, an academic field that studies complex networks Mathematics ...
,
systems A system is a group of interacting or interrelated elements that act according to a set of rules to form a unified whole. A system, surrounded and influenced by its environment, is described by its boundaries, structure and purpose and expresse ...
, and
information technology Information technology (IT) is the use of computers to create, process, store, retrieve, and exchange all kinds of data . and information. IT forms part of information and communications technology (ICT). An information technology syste ...
infrastructure. It is headquartered in
Austin, Texas Austin is the capital city of the U.S. state of Texas, as well as the seat and largest city of Travis County, with portions extending into Hays and Williamson counties. Incorporated on December 27, 1839, it is the 11th-most-populous city ...
, with sales and product development offices in a number of locations in the United States and several other countries. The company was publicly traded from May 2009 until the end of 2015, and again from October 2018. It has also acquired a number of other companies, some of which it still operates under their original names, including
Pingdom Pingdom AB is a Swedish website monitoring software as a service company launched in Stockholm and later acquired by the Austin, Texas-based SolarWinds. The company releases annual reports on global internet use, which are frequently cited in aca ...
, Papertrail and Loggly. It had about 300,000 customers as of December 2020, including nearly all ''Fortune'' 500 companies and numerous federal agencies. A SolarWinds product, Orion, used by about 33,000 public and private sector customers, was the focus of a large-scale attack disclosed in December 2020. The attack persisted undetected for months in 2020, and additional details about the breadth and depth of compromised systems continued to surface after the initial disclosure. In February 2021,
Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washi ...
President
Brad Smith Brad or Bradley Smith may refer to: Sportspeople * Bradley Smith (cricketer) (born 1969), English former cricketer * Brad Smith (footballer, born 1948), Australian rules footballer and premiership coach of East Fremantle * Brad Smith (ice hockey) ...
said that it was "the largest and most sophisticated attack the world has ever seen".


History

SolarWinds began in 1999 in
Tulsa, Oklahoma Tulsa () is the second-largest city in the state of Oklahoma and 47th-most populous city in the United States. The population was 413,066 as of the 2020 census. It is the principal municipality of the Tulsa Metropolitan Area, a region wit ...
, co-founded by Donald Yonce (a former executive at
Walmart Walmart Inc. (; formerly Wal-Mart Stores, Inc.) is an American multinational retail corporation that operates a chain of hypermarkets (also called supercenters), discount department stores, and grocery stores from the United States, headquarter ...
) and his brother David Yonce. SolarWinds released its first products, Trace Route and Ping Sweep, earlier in March 1998 and released its first web-based network performance monitoring application in November 2001. According to Michael Bennett, who became the chief executive officer in 2006, the name SolarWinds was chosen by an early employee and the company has nothing to do with solar or
wind power Wind power or wind energy is mostly the use of wind turbines to generate electricity. Wind power is a popular, sustainable, renewable energy source that has a much smaller impact on the environment than burning fossil fuels. Historically ...
. In 2006, the company moved its headquarters to
Austin, Texas Austin is the capital city of the U.S. state of Texas, as well as the seat and largest city of Travis County, with portions extending into Hays and Williamson counties. Incorporated on December 27, 1839, it is the 11th-most-populous city ...
, where about 300 of the company's total 450 employees were based as of 2011. The company was profitable from its founding through its IPO in 2009. During 2007, SolarWinds raised funding from
Austin Ventures Austin Ventures (AV) is a private equity firm focused on venture capital and growth equity investments in business services and supply chain, financial services, new media, Internet, and information services companies nationally with a focus o ...
,
Bain Capital Bain Capital is an American private investment firm based in Boston. It specializes in private equity, venture capital, credit, public equity, impact investing, life sciences, and real estate. Bain Capital invests across a range of industry se ...
, and Insight Venture Partners. SolarWinds completed an
initial public offering An initial public offering (IPO) or stock launch is a public offering in which shares of a company are sold to institutional investors and usually also to retail (individual) investors. An IPO is typically underwritten by one or more investme ...
of US$112.5 million in May 2009, closing at higher prices after its initial day of trading. The IPO from SolarWinds was followed by another from OpenTable (an online restaurant-reservation service), which was perceived to break a dry spell during the
Great Recession The Great Recession was a period of marked general decline, i.e. a recession, observed in national economies globally that occurred from late 2007 into 2009. The scale and timing of the recession varied from country to country (see map). At ...
, when very few companies went public. Both Bain Capital and Insight Venture Partners backed the IPO and used the opportunity to sell some of their shares during the offering. Analysts and company executives anticipated continued expansion post-IPO, including several acquisitions. In 2010, Bennett retired as CEO and was replaced by the company's former chief financial officer Kevin Thompson. In May 2013, SolarWinds announced plans to invest in an operations hub in
Salt Lake City, Utah Salt Lake City (often shortened to Salt Lake and abbreviated as SLC) is the capital and most populous city of Utah, United States. It is the seat of Salt Lake County, the most populous county in Utah. With a population of 200,133 in 2020, t ...
. It was named by ''
Forbes ''Forbes'' () is an American business magazine owned by Integrated Whale Media Investments and the Forbes family. Published eight times a year, it features articles on finance, industry, investing, and marketing topics. ''Forbes'' also r ...
'' as "Best Small Company in America, citing high-functioning products for low costs and impressive company growth." By 2013, SolarWinds employed about 900 people. Acquisition by private equity technology investment firms
Silver Lake Partners Silver Lake is an American global private equity firm focused on investments in technology, technology-enabled and related industries. Founded in 1999, the firm is one of the largest technology investors in the world. Its investment holdings hav ...
and
Thoma Bravo Thoma Bravo, LP, is an American private equity and growth capital firm with offices in San Francisco, Chicago and Miami. It is known for being particularly active in acquiring software companies and has over $114 billion in assets under manage ...
, LLC. was announced in late 2015, and by January 2016, SolarWinds was taken private in a $4.5 billion deal. At the time, the company had 1,770 employees worldwide with 510 based in Austin, and reported revenues of about half a billion dollars a year. In November 2017, SolarWinds released AppOptics which integrates much of their software portfolio, including Librato and TraceView, into a single software-as-a-service package. AppOptics included compatibility with
Amazon Web Services Amazon Web Services, Inc. (AWS) is a subsidiary of Amazon that provides on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered pay-as-you-go basis. These cloud computing web services provide d ...
and
Microsoft Azure Microsoft Azure, often referred to as Azure ( , ), is a cloud computing platform operated by Microsoft for application management via around the world-distributed data centers. Microsoft Azure has multiple capabilities such as software as a ...
. In September 2018, SolarWinds filed for a public offering again, after three years of being owned by private equity firms. SolarWinds completed their public offering on October 19, 2018. On December 7, 2020, CEO Kevin Thompson retired, to be replaced by Sudhakar Ramakrishna, CEO of Pulse Secure, effective January 4, 2021. On January 8, 2021, SolarWinds hired former CISA director
Chris Krebs Christopher Cox Krebs (born 1977) is an American attorney who served as Director of the Cybersecurity and Infrastructure Security Agency in the United States Department of Homeland Security from November 2018 until November 17, 2020 when Presiden ...
to help the company work through the recent cyber attack. In July 2021, SolarWinds separated its managed service provider (MSP) business from the main company. The new separately-traded public company is named N-able.


Acquisitions

According to ''
The Wall Street Journal ''The Wall Street Journal'' is an American business-focused, international daily newspaper based in New York City, with international editions also available in Chinese and Japanese. The ''Journal'', along with its Asian editions, is published ...
'', SolarWinds offers freely downloadable software to potential clients and then markets more advanced software to them by offering trial versions. Following the funding in 2007, SolarWinds acquired several companies including Neon Software and ipMonitor Corp. and opened a European sales office in Ireland. During and after its IPO in 2009, SolarWinds acquired a number of other companies and products, including the acquisition of the New Zealand–based software maker Kiwi Enterprises, which was announced in January 2009. SolarWinds acquired several companies in 2011 and was ranked number 10 on ''Forbes'' magazine's list of fastest-growing tech companies. In January 2011, it acquired Hyper9 Inc, an Austin-based
virtualization In computing, virtualization or virtualisation (sometimes abbreviated v12n, a numeronym) is the act of creating a virtual (rather than actual) version of something at the same abstraction level, including virtual computer hardware platforms, stor ...
management company with undisclosed terms. In July, SolarWinds completed the acquisition of the Idaho-based network security company TriGeo for $35 million. TriGeo's offices in
Post Falls Post Falls is a city in Kootenai County, Idaho, between Coeur d'Alene and Spokane, Washington. It is a suburb of Coeur d'Alene, to the east, and a bedroom community to Spokane, to the west. The population was 38,485 at the time of the 2020 cen ...
were added to the list of SolarWinds location which already included satellite offices in
Dallas Dallas () is the third largest city in Texas and the largest city in the Dallas–Fort Worth metroplex, the fourth-largest metropolitan area in the United States at 7.5 million people. It is the largest city in and seat of Dallas County ...
, Salt Lake City, and Tulsa, as well as operations in Australia, the Czech Republic, India, Ireland, and Singapore. In 2012 SolarWinds acquired the patch management software provider EminentWare, and RhinoSoft, adding the latter company's FTP Voyager product to SolarWinds' product suite. In early 2013, SolarWinds acquired N-able Technologies, a cloud-based
information technology Information technology (IT) is the use of computers to create, process, store, retrieve, and exchange all kinds of data . and information. IT forms part of information and communications technology (ICT). An information technology syste ...
services provider. The deal was reportedly valued $120 million in cash. In late 2013, it acquired the
Boulder, Colorado Boulder is a home rule city that is the county seat and most populous municipality of Boulder County, Colorado, United States. The city population was 108,250 at the 2020 United States census, making it the 12th most populous city in Colora ...
–based database
performance management Performance management (PM) is the process of ensuring that a set of activities and outputs meets an organization's goals in an effective and efficient manner. Performance management can focus on the performance of a whole organization, a ...
company Confio Software. With the $103 million agreement, SolarWinds gained a sales office in London and Confio's main product, Ignite. Between 2014 and 2015, the company acquired the Swedish web-monitoring company Pingdom, the San Francisco–based metrics and monitoring company Librato (for $40 million), and the log management service Papertrail (for $41 million). Between 2015 and 2020, SolarWinds acquired Librato (a monitoring company), Capzure Technology (an MSP Manager software to N-able which SolarWinds had previously acquired), LogicNow (a remote monitoring software company), SpamExperts (an email security company), Loggly (a log management and analytics company), Trusted Metrics (a provider of threat monitoring and management software),
Samanage Samanage, an enterprise service-desk and IT asset-management provider, has its headquarters in Cary, North Carolina. The company's flagship product, Samanage, operates as a multi-tenant, Software-as-a-Service (SaaS) system for IT and enterprise serv ...
(a service desk and IT asset management provider), VividCortex (a database performance monitor), and SentryOne (a provider of database performance monitoring).


2019–2020 supply chain attacks


SUNBURST

On December 13, 2020, ''
The Washington Post ''The Washington Post'' (also known as the ''Post'' and, informally, ''WaPo'') is an American daily newspaper published in Washington, D.C. It is the most widely circulated newspaper within the Washington metropolitan area and has a large n ...
'' reported that multiple government agencies were breached through SolarWinds'
Orion software (archived website copy)
The company stated in an SEC filing that fewer than 18,000 of its 33,000 Orion customers were affected, involving versions 2019.4 through 2020.2.1, released between March 2020 and June 2020. According to
Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washi ...
, hackers acquired
superuser In computing, the superuser is a special user account used for system administration. Depending on the operating system (OS), the actual name of this account might be root, administrator, admin or supervisor. In some cases, the actual name of t ...
access to SAML
token Token may refer to: Arts, entertainment, and media * Token, a game piece or counter, used in some games * The Tokens, a vocal music group * Tolkien Black, a recurring character on the animated television series ''South Park,'' formerly known a ...
-signing certificates. This SAML certificate was then used to forge new tokens to allow hackers trusted and highly privileged access to networks. The Cybersecurity and Infrastructure Security Agency issued Emergency Directive 21–01 in response to the incident, advising all federal civilian agencies to disable Orion. APT29, aka Cozy Bear, working for the Russian Foreign Intelligence Service ( SVR), was reported to be behind the 2020 attack. Victims of this attack include the cybersecurity firm
FireEye Trellix (formerly FireEye and McAfee Enterprise) is a privately held cybersecurity company founded in 2022. It has been involved in the detection and prevention of major cyber attacks. It provides hardware, software, and services to investigat ...
, the US Treasury Department, the
US Department of Commerce The United States Department of Commerce is an executive department of the U.S. federal government concerned with creating the conditions for economic growth and opportunity. Among its tasks are gathering economic and demographic data for bus ...
's
National Telecommunications and Information Administration The National Telecommunications and Information Administration (NTIA) is an agency of the United States Department of Commerce that serves as the President's principal adviser on telecommunications policies pertaining to the United States' ec ...
, as well as the
US Department of Homeland Security The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-terr ...
. Prominent international SolarWinds customers investigating whether they were impacted include the
North Atlantic Treaty Organization The North Atlantic Treaty Organization (NATO, ; french: Organisation du traité de l'Atlantique nord, ), also called the North Atlantic Alliance, is an intergovernmental military alliance between 30 member states – 28 European and two No ...
(NATO), the
European Parliament The European Parliament (EP) is one of the legislative bodies of the European Union and one of its seven institutions. Together with the Council of the European Union (known as the Council and informally as the Council of Ministers), it adopts ...
, UK
Government Communications Headquarters Government Communications Headquarters, commonly known as GCHQ, is an intelligence and security organisation responsible for providing signals intelligence (SIGINT) and information assurance (IA) to the government and armed forces of the Un ...
, the UK
Ministry of Defence {{unsourced, date=February 2021 A ministry of defence or defense (see spelling differences), also known as a department of defence or defense, is an often-used name for the part of a government responsible for matters of defence, found in states ...
, the UK National Health Service (NHS), the UK Home Office, and
AstraZeneca AstraZeneca plc () is a British-Swedish multinational pharmaceutical and biotechnology company with its headquarters at the Cambridge Biomedical Campus in Cambridge, England. It has a portfolio of products for major diseases in areas includin ...
. FireEye reported the hackers inserted "malicious code into legitimate software updates for the Orion software that allow an attacker remote access into the victim's environment" and that they have found "indications of compromise dating back to the spring of 2020". FireEye named the malware SUNBURST. Microsoft called it Solorigate. The attack used a
backdoor A back door is a door in the rear of a building. Back door may also refer to: Arts and media * Back Door (jazz trio), a British group * Porta dos Fundos (literally “Back Door” in Portuguese) Brazilian comedy YouTube channel. * Works so title ...
in a SolarWinds
library A library is a collection of materials, books or media that are accessible for use and not just for display purposes. A library provides physical (hard copies) or digital access (soft copies) materials, and may be a physical location or a vir ...
; when an update to SolarWinds occurred, the malicious attack would go unnoticed due to the trusted certificate. In November 2019, a security researcher notified SolarWinds that their FTP server had a weak default password of "solarwinds123", warning that "any hacker could upload malicious
ode An ode (from grc, ᾠδή, ōdḗ) is a type of lyric poetry. Odes are elaborately structured poems praising or glorifying an event or individual, describing nature intellectually as well as emotionally. A classic ode is structured in three majo ...
that would then be distributed to SolarWinds customers. ''The New York Times'' reported SolarWinds did not employ a
chief information security officer A chief information security officer (CISO) is a senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately pr ...
and that employee passwords had been posted on
GitHub GitHub, Inc. () is an Internet hosting service for software development and version control using Git. It provides the distributed version control of Git plus access control, bug tracking, software feature requests, task management, continuous ...
in 2019. On December 15, 2020, SolarWinds reported the breach to the Securities and Exchange Commission. However, SolarWinds continued to distribute malware-infected updates, and did not immediately revoke the compromised digital certificate used to sign them. On December 16, 2020, German IT news portal
Heise.de Heise (officially ''Heise Gruppe'') is a German media conglomerate headquartered in Hanover. It was founded in 1949 by Heinz Heise and is still family-owned. Its core business is directory media as well as general-interest and specialist media ...
reported that SolarWinds had for some time been encouraging customers to disable
anti-malware Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name. ...
tools before installing SolarWinds products. On December 17, 2020, SolarWinds said they would revoke the compromised certificates by December 21, 2020. On December 21, 2020, Attorney General William Barr stated that he believed that the SolarWinds hack appears to have been perpetrated by Russia, contradicting speculations by
President Donald Trump Donald John Trump (born June 14, 1946) is an American politician, media personality, and businessman who served as the 45th president of the United States from 2017 to 2021. Trump graduated from the Wharton School of the University of Pe ...
that China, not Russia, might be to blame. In late December 2020,
Trustwave Trustwave Holdings is an American standalone business unit cybersecurity independent subsidiary and brand of multinational telecommunications company Singtel Group Enterprise. It focuses on providing managed detection and response (MDR), managed ...
, a cybersecurity firm, reached out to SolarWinds to report new security flaws they had discovered in software produced by SolarWinds. Although these vulnerabilities hadn't been taken advantage of by hackers, it raised questions concerning the network security of SolarWinds' customers. The magnitude of the monetary damage has yet to be calculated, but on January 14, 2021, CRN.com reported that the attack could cost cyber insurance firms at least $90 million. On March 1, 2021, SolarWinds CEO, Sudhakar Ramakrishna, blamed a company intern for using an insecure password ("solarwinds123") on their update server. Speculation that this led to the attack is discounted by the company and security professionals. More than the intern using a weak password, experts noted that the main issue this fact highlights is the poor security culture the company has.


SUPERNOVA

On December 19, 2020, Microsoft said that its investigations into supply chain attacks at SolarWinds had found evidence of an attempted supply chain attack distinct from the attack in which SUNBURST malware was inserted into Orion binaries (see previous section). This second attack has been dubbed SUPERNOVA. Security researchers from Palo Alto Networks said the SUPERNOVA malware was implemented stealthily. SUPERNOVA comprises a very small number of changes to the Orion source code, implementing a web shell that acts as a
remote access tool In computing, the term remote desktop refers to a software- or operating system feature that allows a personal computer's desktop environment to be run remotely off of one system (usually a PC, but the concept applies equally to a server or a ...
. The shell is assembled in-memory during SUPERNOVA execution, thus minimizing its forensic footprint. Unlike SUNBURST, SUPERNOVA does not possess a digital signature. This is among the reasons why it is thought to have originated with a different group than the one responsible for SUNBURST.


Insider trading investigation

SolarWinds's share price fell 25% within days of the SUNBURST breach becoming public knowledge, and 40% within a week. Insiders at the company had sold approximately $280 million in stock shortly before this became publicly known, which was months after the attack had started. A spokesperson said that those who sold the stock had not been aware of the breach at the time.


Microsoft Guidance on Service Provider and Downstream Business Attacks

In November 2021 Microsoft issued an alert in relation to the advanced persistent threat (APT) actor Nobelium (aka APT29; Cozy Bear) that was responsible for the 2020 SolarWinds supply chain attack is targeting cloud service providers (CSPs), managed service providers (MSPs), and other IT service providers. Microsoft Threat Intelligence Center (MSTIC) released a range of recommendations for service providers and downstream businesses to implement in order to address the threat.


Class action lawsuit

In January 2021, a class action lawsuit was filed against SolarWinds in relation to its security failures and subsequent fall in share price. SolarWinds has attempted to have this case dismissed and in March 2022, a judge ruled that the class action lawsuit may move forward.


References


External links

* {{Authority control 1999 establishments in Oklahoma 2009 initial public offerings 2015 mergers and acquisitions 2018 initial public offerings American companies established in 1999 Companies based in Austin, Texas Companies listed on the New York Stock Exchange Cross-platform software File transfer protocols
File transfer software File or filing may refer to: Mechanical tools and processes * File (tool), a tool used to ''remove'' fine amounts of material from a workpiece **Filing (metalworking), a material removal process in manufacturing ** Nail file, a tool used to gent ...
Network analyzers Network management Networking companies of the United States Port scanners Private equity portfolio companies Software companies based in Texas Software companies established in 1999 Software companies of the United States System administration TPG Capital companies