In late 2020, the discovery of the SolarWinds breach rocked the cybersecurity world, affecting thousands of private companies across the world, as well as several branches of the US Federal Government. A few months on from the attack, much remains unclear. Despite reasonable speculation, nobody fully understands exactly how the breach happened.
The SolarWinds breach went undetected for months, exploited high-profile targets, and (according to the FBI) was executed by sophisticated hackers likely backed by foreign governments. The breach was related to SolarWinds Orion Products, a suite of IT infrastructure and management products used by large organizations to monitor their IT stacks.
One possible explanation for the attack is that the SolarWinds breach first occurred through a captive portal. Captive portals are very common, but the implications of using them are not particularly well understood, and a lot of cybersecurity firms don’t provide effective ways to secure them. Read on to learn more about what a captive portal is, why it may represent an ongoing cybersecurity concern and what you can do to protect your sensitive data and business operations.
What is a Captive Portal?
In essence, a captive portal is the technology that guest users use to connect to a public WiFi network. Captive portals are commonly used at hotels, restaurants, offices and countless other places. Typically, a user inputs some identifying information, like their email address or room number, agrees to terms and conditions, and is then connected to the WiFi network.
Are Captive Portals Secure?
Captive portals are notoriously insecure, and provide a vulnerable entry point where attackers can leverage access to a user’s device to gain access to an entire corporate network. There are several ways bad actors can exploit captive portals. It is possible that SolarWinds could have been vulnerable to various types of captive portal attacks.
The standard approach to cybersecurity around captive portals is to install virtual private networks, or VPNs, on employees' smartphones, laptops and other work devices. Traditional methods for this are far from foolproof. VPNs take as long as three minutes to connect to a network and start functioning. That's more than enough time for a malicious actor to access the user's device and compromise the whole network.
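To see how large that pre-VPN window is on real devices, the added example below (not from the original article or from Attila) measures the time between Wi-Fi association and VPN tunnel establishment per device and records what was observed in between. The log format, host names and the 30-second threshold are assumptions, and the sample lines are constructed.

```python
from datetime import datetime

# Constructed sample events in a hypothetical format:
# "<ISO time> <host> <event> [detail]"
SAMPLE_LOG = """\
2021-02-03T09:00:05 laptop-17 wifi_assoc ssid=HotelGuest
2021-02-03T09:00:09 laptop-17 http_redirect portal.example
2021-02-03T09:01:12 laptop-17 inbound_conn src=10.0.0.23 dport=445
2021-02-03T09:02:50 laptop-17 vpn_up
2021-02-03T09:03:10 laptop-17 inbound_conn src=10.0.0.23 dport=445
2021-02-03T10:15:00 laptop-22 wifi_assoc ssid=CafeFree
2021-02-03T10:15:08 laptop-22 vpn_up
2021-02-03T11:30:00 laptop-31 wifi_assoc ssid=AirportWiFi
2021-02-03T11:30:40 laptop-31 inbound_conn src=192.168.1.77 dport=3389
"""

def exposure_windows(log_text):
    """One record per Wi-Fi association: seconds spent on the network without
    a VPN tunnel (None if the tunnel never came up) and events seen meanwhile."""
    open_windows, results = {}, []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        ts, host, event = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        detail = parts[3] if len(parts) > 3 else ""
        if event == "wifi_assoc":
            if host in open_windows:  # re-joined before any tunnel came up
                results.append(open_windows.pop(host))
            open_windows[host] = {"host": host, "start": ts, "seconds": None, "seen": []}
        elif host in open_windows:
            win = open_windows[host]
            if event == "vpn_up":
                win["seconds"] = (ts - win["start"]).total_seconds()
                results.append(open_windows.pop(host))
            else:
                win["seen"].append(f"{event} {detail}".strip())
    results.extend(open_windows.values())  # windows that never closed
    return results

def flag(windows, max_seconds=30):
    """Hosts whose window was too long, never closed, or saw inbound traffic."""
    return sorted({w["host"] for w in windows
                   if w["seconds"] is None or w["seconds"] > max_seconds
                   or any(s.startswith("inbound_conn") for s in w["seen"])})

if __name__ == "__main__":
    for w in exposure_windows(SAMPLE_LOG):
        print(w["host"], w["seconds"], w["seen"])
    print("review:", flag(exposure_windows(SAMPLE_LOG)))
```

Events logged after `vpn_up` are ignored on purpose, since the point is to isolate what reached the device before the tunnel existed.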
There’s really only one way to effectively mitigate the risks of captive portals, and there’s no way of knowing if SolarWinds employed this strategy.
Captive Portal Isolation
Captive portal isolation uses a combination firewall and a hardware VPN with a built-in stateless sandboxed web browser. This combination of cybersecurity tools prevents the captive portal web page from ever actually loading on the user’s device. Instead, the stateless sandbox browser facilitates the connection, and the combination firewall prevents any malicious actors from accessing the connecting device.
Attila GoSilent Cube: a Superior Solution for Cybersecurity
While we’ll likely never know for sure exactly how attackers breached the SolarWinds Orion platform, it’s entirely plausible that they could have accessed the network through a captive portal attack. Captive portals remain a major vulnerability for all kinds of organizations and many cybersecurity firms are doing little to address this. As companies and organizations across the world embrace remote work, it’s more crucial than ever that they take every action possible to defend themselves against these types of attacks.
For many companies, the solution is found with the Attila GoSilent Cube. This hardware VPN requires little to no configuration and is a plug and play solution with sophisticated results. Get security over any connection, secure multiple devices at once and connect from anywhere. This is security you can trust.