The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive in response to a known compromise and ongoing exploitation by malicious attackers of SolarWinds Orion, SolarWinds Orion, a network monitoring and management platform commonly used by outsourced IT managed service providers. We recommend contacting your IT team or provider in order to determine if you use SolarWinds Orion and if steps need to be taken to secure your environment.
If you believe you have been impacted by this incident please contact the RSC Breach Response hotline at (888) 760-2493 or send an email to RSC Data Breach Hotline
What happened:
On December 13, SolarWinds warned of an attack on the SolarWinds Orion Platform, where threat actors had been able to modify software updates to deploy malware. By exploiting the malware-baed vulnerability, threat actors can install ransomware or additional malware, steal data from your network, obtain access to network resources, and install backdoors for remote access.
What to do:
The security advisory from SolarWinds details the vulnerability and recommends to determine if you are using the affected version of the Orion Platform; and to upgrade as soon as possible to ensure security. If you cannot ugrade immediately, they recommend having your Orion Platform installed behind firewalls, disabling internet access for the Orion Platform, and limiting the ports and connections to only what is necessary.
Get in touch with the cyber team: Cyber@Risk-Strategies.com