Urgent – Cyber Security Alert: SolarWinds
SolarWinds Orion IT Management Platform Security Breach
If you were not aware, yesterday, SolarWinds Orion IT Management platform was identified by FireEye as the conduit for an aggressive hack against the United States Department of Treasury. Government security officials are urging all users of SolarWinds Orion to immediately discontinue use and conduct network investigations to determine whether they may have been impacted.
The malicious code was distributed to SolarWinds’ clients through an update in the spring of this year. The malicious code creates a backdoor on systems and then contacts the hackers to allow them to gain access and begin exfiltrating data from the network. Any organization that utilizes SolarWinds Orion should be considered at risk.
What you should do if you are using SolarWinds Orion:
1) FIRST, IMMEDIATELY UPGRADE TO ORION PLATFORM RELEASE 2020.2.1 HF1.
(Orion Platform release 2020.2.1 HF1)
2) THEN APPLY THE FOLLOWING SECURITY MEASURES:
✔ Ensure that SolarWinds servers are isolated/contained until further review, including blocking all Internet egress from SolarWinds servers.
✔ Restrict scope of connectivity to endpoints from SolarWinds servers.
✔ Restrict the scope of accounts that have local administrator privileges on SolarWinds servers.
✔ Block Internet egress from servers or other endpoints (e.g., desktops, laptops, smartphones, tablets, servers, workstations, Internet-of-things (IoT) devices).
✔ Change passwords for accounts that have access to SolarWinds servers.
✔ Conduct a review of network device configurations for unexpected and/or unauthorized modifications.
If your company leverages SolarWinds, do not hesitate to contact us for assistance. We thought the risk warranted notifying our both our audience as well as our clients. It is not only important to keep Government Agency information safe, but your information as well.
We wish you a safe, healthy, and happy holiday season!