4 Handling sensitive data

This chapter covers

  • Basic security principles for automations
  • PowerShell secure objects
  • Securing sensitive data needed by your scripts
  • Identifying and mitigating risk

In December 2020, one of the largest and most sophisticated cyberattacks ever was found to be taking place on systems across the globe. Security experts discovered that the SolarWinds Orion platform was the subject of a supply chain hack. Hackers were able to inject malware directly into the binaries of some Orion updates. This attack was a big deal because SolarWinds’ Orion is a monitoring and automation platform. The company’s motto, “One platform to rule your IT stack,” makes it a very enticing target for bad actors.

More than 200 companies and federal agencies were impacted by this attack, including some big names such as Intel, Nvidia, Cisco, and the US Departments of Energy and Homeland Security. Experts suspect that this attack is responsible for other exploits found shortly after at Microsoft and VMware.

If someone is able to gain full access to an automation platform, not only are they able to perform any action that platform has permissions to perform, but they also have access to all the information and data stored inside that platform. So, if you have a script running with full Domain Admin rights or full Global Administrator rights, the bad actors will have those same rights and privileges.

4.1 Principles of automation security

4.1.1 Do not store sensitive information in scripts

4.1.2 Principle of least privilege

4.1.3 Consider the context

4.1.4 Create role-based service accounts

4.1.5 Use logging and alerting

4.1.6 Do not rely on security through obscurity

4.1.7 Secure your scripts

4.2 Credentials and secure strings in PowerShell

4.2.1 Secure strings

4.2.2 Credential objects

4.3 Storing credentials and secure strings in PowerShell

4.3.1 The SecretManagement module