by Dominic Wetherall
About the SUNBURST Cyber-Attack.
The SolarWinds Orion hack could become one of the most extreme and severe cyber-attacks in history. A series of notifications from technology companies and US government agencies indicated the existence of a large-scale and persistent cyber-attack (approximately 18,000 potentially affected customers according to SolarWinds).
The complexity and advanced nature of the threat suggested the involvement of a nation-state actor. Initial information highlighted that part of the initial attack vector included the successful insertion of backdoor functions into the SolarWinds Orion network performance monitoring platform. Once established on a network, attackers were able to move laterally across it, extend into corporate, cloud and SaaS resources, and maintain a presence as they searched for information relevant to campaign objectives.
Data breaches affecting millions of users are far too common, but this one is different. The scope of the SolarWinds supply chain breach continues to expand.
“So far we know that 18,000 SolarWinds customers have downloaded the patches and companies in the UK have been affected. The patch to SolarWinds Orion, which contains the malware, was inserted back in March. That gives the perpetrators almost 9 months to get to work compromising and stealing information. This is an incredibly serious incident, and I can’t underplay the damage it may have done.”
Davoc Bradley, IT & Security Director
If you have SolarWinds Orion installed on your infrastructure, you should immediately read and follow these instructions to understand if you are affected: https://www.solarwinds.com/securityadvisory
In addition, please review this extremely useful resource from Check Point: https://supportcenter.checkpoint.com
How we can help.
It has been a very different year and the last thing we all needed was to conclude 2020 with an unprecedented cyber-attack. In conjunction with our security partner Check Point, we are here to help.
We must work together to ensure that we use the best security to enable this new reality while keeping everybody safe. This task is now more crucial than ever.
If you believe you were exposed to the SolarWinds / SUNBURST cyber-attack or would like to register for a security health check, please get in touch.