Customer Update: SolarWinds Orion Compromise

Article By: Ardalyst

As you all know, FireEye recently uncovered that multiple commercial and government organizations were infiltrated by cyber threat actors through a trojanized update to the SolarWinds Orion platform, a software supply-chain compromise. CISA, FireEye, Microsoft and the FBI continue to investigate this incident and publish updated information regarding the exploitation.

This is a rapidly evolving situation, and new information comes to light regularly.

We are monitoring the news and will continue to keep our customers informed. In the meantime, it is important to remain calm and maintain regular operations to keep your business thriving. No organization is entirely invulnerable to cyber threat, but the ability to fight through an incident and maintain business continuity is key.

FireEye's handling of its own breach has been the quintessential example of cyber resiliency. This more mature approach for fighting through the type of advanced threat scenario that has been reported was only recently published as guidance by the National Institute of Standards and Technology (NIST) in Special Publication 800-160 Volume 2: Developing Cyber-Resilient Systems: A Systems Security Engineering Approach.

Recommendations

1/5/2021

CISA has released a free tool (the Sparrow PowerShell script) for detecting unusual and potentially malicious activity that threatens users and applications in an Azure Active Directory / Microsoft 365 environment. Ardalyst will be running this script on our and our customers' M365 tenants.

12/18/2020

In accordance with CISA Emergency Directive 21-01, we highly recommend that, if you are running any SolarWinds Orion products, you disconnect or power down them until further notice; the directive specifically names Orion versions 2019.4 through 2020.2.1 HF1. Where you have the capability, forensically image the memory and host operating system of each Orion server before powering it down (as the directive instructs federal agencies to do), since a power-down destroys volatile evidence; a network disconnect preserves it. Also block traffic between any host that has ever had Orion installed and systems outside your enterprise.
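Before you can disconnect Orion you need to know where it is and what state it is in. The script below is an added example written for this update; it is not from CISA, SolarWinds or the original post. It inventories Orion installs on a Windows host from the standard Uninstall registry keys, lists SolarWinds services, and records the version, SHA-256 hash and Authenticode status of SolarWinds.Orion.Core.BusinessLayer.dll (the DLL that carried the SUNBURST backdoor, per the FireEye and Microsoft write-ups linked under Resources) so that the incident record is captured before the box is touched. It assumes Orion registers itself in those Uninstall keys and lives under the default Program Files (x86)\SolarWinds root; adjust $installRoots if you relocated it. Run it in an elevated session on each candidate server.

```powershell
# Added example (not from the original post, CISA or SolarWinds): inventory SolarWinds Orion
# on this host so you know which systems ED 21-01 tells you to disconnect or power down.
# Assumptions: Orion is registered in the standard Uninstall keys and installed under the
# default Program Files (x86)\SolarWinds root. Run elevated on each server that might host Orion.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# 1. Installed Orion products and their versions. Compare DisplayVersion against the
#    range ED 21-01 names (2019.4 through 2020.2.1 HF1); the comparison is left to the analyst
#    because SolarWinds' DisplayVersion strings do not sort cleanly as numbers.
$orionProducts = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'SolarWinds Orion*' -or $_.Publisher -like 'SolarWinds*' } |
    Select-Object DisplayName, DisplayVersion, InstallDate, InstallLocation

# 2. SolarWinds services and their state: these are what a network disconnect silences.
$orionServices = Get-Service -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like 'SolarWinds*' -or $_.DisplayName -like 'SolarWinds*' } |
    Select-Object Name, DisplayName, Status

# 3. The DLL the trojanized builds shipped. Record version, hash and signature for the
#    incident record. NOTE: the backdoored DLL carried a valid SolarWinds Authenticode
#    signature, so SigStatus = Valid does NOT clear it; the hash and version are what matter.
$installRoots = @("${env:ProgramFiles(x86)}\SolarWinds", "$env:ProgramFiles\SolarWinds") |
    Where-Object { Test-Path $_ }
$businessLayer = foreach ($root in $installRoots) {
    Get-ChildItem -Path $root -Recurse -Filter 'SolarWinds.Orion.Core.BusinessLayer.dll' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path        = $_.FullName
                FileVersion = $_.VersionInfo.FileVersion
                LastWrite   = $_.LastWriteTimeUtc
                Sha256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Signer      = $sig.SignerCertificate.Subject
                SigStatus   = $sig.Status
            }
        }
}

$report = [pscustomobject]@{
    Host      = $env:COMPUTERNAME
    Collected = (Get-Date).ToUniversalTime().ToString('o')
    Products  = $orionProducts
    Services  = $orionServices
    DllInfo   = $businessLayer
}

# Write the report, then copy it OFF the host (share or removable media) before you disconnect
# or power down, so the record survives whatever you do to the server next.
$reportPath = Join-Path $env:TEMP "orion-inventory-$env:COMPUTERNAME.json"
$report | ConvertTo-Json -Depth 4 | Out-File -FilePath $reportPath -Encoding utf8
$report
```

Hand the JSON to whoever is coordinating the incident along with the memory and disk images; the file hash lets you check the DLL against the indicators in the FireEye and Microsoft reports without having to trust the signature, and the service list tells you what else on that host was talking to the network.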

If you are not currently a monitored customer and would like to discuss implementing monitored service with us, please call 833-682-8270 so we can get started as soon as possible.

Resources

CISA Alert (AA20-352A)

CISA Releases Free Detection Tool for Azure/M365 Environment

CISA Insights: What Every Leader Needs to Know About the Ongoing APT Cyber Activity

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers

CISA Emergency Directive 21-01

Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor

Unauthorized Access of FireEye Red Team Tools

Need Assistance?

Speak with an Engineer

Not sure where to start? We're here to help walk you through the process, understand your environment, and provide the guidance you need to achieve cybersecurity maturity. Get in touch today.

Get in Touch