Remediation Steps for SolarWinds Orion

It’s no secret that recent headlines have consistently featured cyber-attacks on a variety of companies and industries. Last week’s FireEye breach was significant and represents what appears to be nation-state activity targeting our infrastructure using one or more supply-chain attacks. By-products of this attack are surfacing with each passing day.

Yesterday, DHS announced one of these by-products, affecting the SolarWinds platform ‘Orion,’ and highlighted several suggested actions for SolarWinds customers to take to secure their environments.

In summary, a malicious update to the platform was released that effectively enabled a backdoor into systems within environments monitored by this platform. It’s noteworthy that the same supply-chain issue behind the FireEye breach triggered this exploit.

 

It also highlights the growing concern posed by ‘fourth party risk,’ whereby we’ve all become so interconnected that if one system is compromised, all others must take action to ensure their vulnerabilities are addressed.

SolarWinds released a statement and recommended actions on the matter as well. Chris Krebs, former director of CISA, captures the appropriate tone; you will find his remarks in the bottom article linked below:

 

“If you’re a SolarWinds customer & use the below product, assume compromise and immediately activate your incident response team. Odds are you’re not affected, as this may be a resource-intensive hack,” said Christopher Krebs, former director of CISA. Krebs also shared his confidence in CISA and his suspicion that the cyberattack “has been underway for many months.”

 

https://www.reuters.com/article/global-cyber-idUSL8N2IU3IY

https://www.meritalk.com/articles/cisa-issues-emergency-directive-to-disconnect-solarwinds-orion-products/

 

The EVOTEK Security Team is here to assist. If you have an immediate need, please contact us today. Alternatively, you can register for this Wednesday’s Executive Intelligence briefing or January’s Security Summit.

 

Stay safe, informed, distanced, and masked. 😷