EXECUTIVE SUMMARY:

Recently, the supply chain attack on the Texas-based IT firm known as SolarWinds morphed into one of the largest cyber security attacks in US history and made headlines worldwide. The company issued an advisory warning to 33,000 of its customers, although the attack is believed to have impacted a smaller number of groups, roughly 18,000.

The SolarWinds supply chain attack (also commonly referred to as Sunburst) began months before it was recognized and calls into question the trustworthiness of the primary technology tools that organizations leverage in order to manage their technology resources.

As the attack hit SolarWinds’ clients, CISA ordered all US federal civilian agencies to immediately review their networks and to shut down SolarWinds’ products. At least 6 federal agencies, from the Pentagon to the Treasury Department, were affected. The majority of Fortune 500 companies were also SolarWinds clients.

What are SolarWinds’ products used for?

SolarWinds produces an enterprise software suite used for application monitoring and network configuration management. To enable the software to run properly, it’s common for network admins to grant the software extensive privileges. As a result, it’s a valuable target for cyber adversaries.

The attack occurred in relation to software that brings in roughly 50% of SolarWinds’ annual revenue, around $345 million. SolarWinds’ stock price has dropped 25% since the story first emerged.

What does the US Cybersecurity and Infrastructure Security Agency (CISA) say about the SolarWinds attack?

CISA is currently investigating initial attack access vectors and has released supplemental guidance that builds on its Emergency Directive (ED) 21-01.

A series of federally issued resources is available for users and administrators who seek additional information about the attack.

  • Click here for CISA’s supplemental guidance document.
  • Click here for CISA’s mitigation-related information.
  • Click here for CISA’s general information on Advanced Persistent Threats within government, critical infrastructure and private sector groups.

Is your organization concerned about a possible SolarWinds/Sunburst related breach?

Get a security checkup. Information on how to run free security checkups is available here. For more on the SolarWinds breach, see our past coverage.