EXECUTIVE SUMMARY:

US President-elect Joe Biden has stated that the Sunburst supply chain attack is not yet under control. “It is a grave risk and it continues,” Biden noted.

As many as 18,000 SolarWinds customers are believed to have unintentionally downloaded the malicious software. More than 100 organizations have reported corresponding infections. Federal agencies breached include the US Treasury Department, the Pentagon, the Nuclear Security Administration, the National Institute of Health, the State Department and the Department of Homeland Security. Numerous networks and high-profile email accounts were compromised.

The precise degree of damage done has yet to be determined. Cyber forensics investigators will need to closely examine the breaches and may not have complete answers for months or even years.

Organizations contending with the Sunburst attack can take these practical remediation steps:

  1. Consider a zero-trust model. This can help give the right people in your organization the right context and least-privilege access to applications.
  2. Improve endpoint protection. Ensure that endpoint agents are installed in prevent mode.
  3. Strengthen credentials. See to it that multi-factor authentication is enabled for all users and devices.
  4. Consider cyber security posture management. Take note of deviations from cloud security best practices.

Think your organization might have been breached, or just have additional questions? Get in touch with a team of security experts.
