Website monitoring, like what we do here at Global NetWatch, is a helpful and crucial part of keeping any good website up and running efficiently. Because of this, countless organizations and companies choose to have their websites monitored, whether by Global NetWatch or a different company altogether. However, monitoring often requires a certain level of access to the data on the site, which can leave open doors in the site’s security. What happens when these doors are taken advantage of, and the monitoring program is used to access the information on the site? Unfortunately, we have seen exactly what can happen in a recent attack against a monitoring company called SolarWinds.

“In a filing to the U.S. Securities and Exchange Commission on Monday, SolarWinds said it believed its monitoring products could have been used to compromise the servers of as many as 18,000 of its customers. Those clients include government agencies around the globe and some of the world’s largest corporations. The company ‘has been made aware of a cyber-attack that inserted a vulnerability within its Orion monitoring products which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run,’ according to the filing. ‘SolarWinds has been advised that this incident was likely the result of a highly sophisticated, targeted and manual supply chain attack by an outside nation state.’” This obviously raises quite a few concerns, not only for SolarWinds and its clients, but the website monitoring industry as a whole. If the monitoring program is what created the open door that these hackers used, who’s to say that this won’t happen with other monitoring programs as well?

But how exactly did this program create the security lapse that the hackers were able to use to access important data? “Hackers penetrated Orion’s update system, introducing malicious code disguised as legitimate Orion updates, according to blog posts by FireEye and Microsoft Corp. The malicious vulnerability existed in updates between March and June, the company said. The hacking tool embedded within the update even stored stolen data within the Orion software as to evade detection, according to FireEye. The result was that hackers could snoop on a company’s network all while appearing as legitimate traffic. As of mid-day Monday, the malicious update was still available for download on SolarWinds’ website, according to Karim Hijazi, founder and chief executive of Prevailion Inc., a Maryland-based cybersecurity firm. Hijazi said his team compared the available download with security alerts identifying the tampered update, and it’s an exact match.”

There is no way of knowing, of course, whether or not this sort of attack will happen again, to SolarWinds or any other similar company. However, knowing that it can be done is enough cause to worry. Tools like SolarWinds that require a software agent to be installed on a server can provide a deep level of insight into the health and availability of a server; however, that same deep level access can also be a risk factor if that monitoring software is compromised. For companies that are concerned about the potential risk associated with giving third-party monitoring software access to their servers, there are safer alternatives.

At Global NetWatch, our monitoring system does not require anything to be installed on our clients’ servers. We utilize an external approach that simulates the same kind of traffic that real users would generate. This approach can provide a safer alternative to solutions that require a software agent to be installed on the server. In addition, because there is no software to be installed, Global NetWatch monitoring can be configured and started in mere minutes without the need to go through the security audits that are likely to be a part of any solution that requires software to be installed on the server.