For the Infosec community this SolarWinds hack is a prime description of a dumpster fire. A stinky mess on fire. New information
is constantly dumping with the scale of this hack, so we want to share with you the information we have.
SolarWinds is a tech company based out of TX that makes network management and monitoring tools with more than 300,000 customers worldwide. Many of them enterprise and government level organizations. This extremely sophisticated attack is
considered a supply chain attack. When 18,000 of SolarWinds Orion customers downloaded an update file, they inadvertently downloaded an embedded malware called SUNBURST. After an initial dormant period of up to two weeks, it retrieves and executes commands, called “Jobs”, that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services.
Numerous security companies were affected by this breach, but it was FireEye’s advanced research and detection methods that identified the intrusion and was able to trace the breach back to SolarWinds. Post notification of the situation, the FireEye
team continued to exceed cybersecurity community expectations with level of communication and responses to breach.
Unfortunately, their Red Team Tools, used to mimic the behavior of many cyber threat actors and enable FireEye to provide
essential diagnostic security services to their customers, were compromised. It’s important to use this event to start thinking about a more resilient, hardened multilayer approach and not relying on a single solution to protect you.
Contact us today to learn more about how we can help you build those secure layers.