Jack O'Neill

Authentication Lessons Learned from SolarWinds Hack

The recent SolarWinds breach rocked the cybersecurity world from top to bottom, leaving many questioning their own practices when it comes to securing data. In the weeks following the attack, it became evident that the traditional multi-factor authentication (MFA) and password measures that SolarWinds had in place were practically useless in preventing the damage caused.


So, how did this happen? And more importantly, could it have been prevented?


What Happened?


In the weeks since the breach, digital forensic investigators have confirmed that the external attackers altered code builds of Orion, SolarWinds' IT monitoring platform, as a trial run to test whether they could inject malicious code into later software builds without being detected. This occurred months before SolarWinds became aware of any breach.


According to CISA (the Cybersecurity and Infrastructure Security Agency), further investigation has shown that the attackers used a series of common techniques to gain initial access, including:

  • Trojanized updates

  • Password guessing

  • Password spraying

  • Obtaining administrative credentials through external remote access services

Once the attackers had gained access to internal networks and cloud infrastructure, they obtained administrative rights and created their own authentication tokens to reach additional resources inside the corporate network, completely bypassing the existing multi-factor authentication controls.


Could the Breach Have Been Prevented?


While it is impossible to say for sure whether this now-notorious breach could have been prevented, one thing is clear: the traditional MFA solution in place was not enough to deter the threat actors. If SolarWinds had been using a more secure method of authentication, such as Bio-factor authentication (BFA), it is very possible that they would have known about the breach earlier, significantly reducing the damage.


Bio-factor Authentication requires that a user supply a biometric, such as a fingerprint or iris scan, before granting access to a particular resource, system, or device. In this instance, BFA would have acted as a much-needed, additional security checkpoint, preventing the threat actors from escalating access.


Unlike the methods most MFA providers rely on, such as push-to-accept prompts or one-time passcodes, biometrics are extremely difficult to steal or spoof. If the culprits behind the SolarWinds hack had attempted to bypass BFA, they would likely have failed. Such failed authentication attempts are quickly flagged for security teams to investigate and remediate, which in the case of SolarWinds would have alerted them to the attack much sooner.


The biometric checkpoints that BFA provides could have safeguarded against the unauthorized creation of new user accounts and ensured that no developer code was pushed to the master code repository, forcing the threat actors to find an alternative method of attack.



Ultimately, we know that there is no single solution that protects an organization from a major attack such as SolarWinds. However, any additional obstacle that you can put in front of a cybercriminal reduces your overall risk exposure and the likelihood of a successful attack.


Benefits of Bio-factor Authentication


Bio-factor Authentication is the next generation of MFA and is proven to be the most secure form of authentication currently available to defend the enterprise.


In addition to securing code development, security professionals can leverage BFA to:

  • Enable Zero Trust security

  • Embrace a passwordless future

  • Meet NIST 800-171 compliance requirements

  • Enhance identity and access management (IAM) programs

  • Secure remote privileged access


To learn more about Bio-factor authentication, please visit: www.softwarfare.com/biothenticate.