December 16, 2020
You are about to leave Risk Strategies website and view the content of an external website.
You are leaving risk-strategies.com
By accessing this link, you will be leaving Risk Strategies website and entering a website hosted by another party. Please be advised that you will no longer be subject to, or under the protection of, the privacy and security policies of Risk Strategies website. We encourage you to read and evaluate the privacy and security policies of the site you are entering, which may be different than those of Risk Strategies.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive in response to a known compromise and ongoing exploitation by malicious attackers of SolarWinds Orion, SolarWinds Orion, a network monitoring and management platform commonly used by outsourced IT managed service providers. We recommend contacting your IT team or provider in order to determine if you use SolarWinds Orion and if steps need to be taken to secure your environment.
If you believe you have been impacted by this incident please contact the RSC Breach Response hotline at (888) 760-2493 or send an email to RSC Data Breach Hotline
What happened:
On December 13, SolarWinds warned of an attack on the SolarWinds Orion Platform, where threat actors had been able to modify software updates to deploy malware. By exploiting the malware-baed vulnerability, threat actors can install ransomware or additional malware, steal data from your network, obtain access to network resources, and install backdoors for remote access.
What to do:
The security advisory from SolarWinds details the vulnerability and recommends to determine if you are using the affected version of the Orion Platform; and to upgrade as soon as possible to ensure security. If you cannot ugrade immediately, they recommend having your Orion Platform installed behind firewalls, disabling internet access for the Orion Platform, and limiting the ports and connections to only what is necessary.
Get in touch with the cyber team: Cyber@Risk-Strategies.com
The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client.