What You Should Know About the Ongoing SolarWinds Government Cyber Breaches

The latest on the SolarWinds breach

This is a developing story...Latest Update 12/17/2020: Microsoft has changed Windows Defender’s default action against this malware from “Alert” to “Quarantine,” This action could cause systems to crash but will effectively kill the malware when it discovers it. On Sunday, December 13th, 2020 it was discovered that a large-scale cyber breach has infected U.S. government agencies, including the Department of Treasury and the Department of Commerce.

A Russian government-backed group, known as APT29 or Cozy Bear, are suspected to be behind this large-scale attack. This group was responsible for the breach of security solutions-provider FireEye, as well as, previous attacks on the U.S. State department and COVID-19 vaccine research sites this summer. 

The current, on-going attack actively affects SolarWinds Orion Platform software versions 2019.4 through 2020.2.1, released between March 2020 and June 2020. 

While the attack targeted government agencies, private-sector businesses who use this software could also be affected

What We Know About the Attack

This is known as a "supply-chain attack." The bad guys inserted malicious code into periodic updates of SolarWinds' Orion IT monitoring and management software used to manage networks. The scope and sophistication of this attack led researchers to suspect the Russian-backed group was responsibility. 

According to FireEye, the attacker’s activity since the breach uses multiple techniques to evade detection and obscure their activity. 

This attack could have begun as early as Spring 2020 and is currently ongoing. The campaign is widespread, affecting public and private organizations around the world.

SolarWinds reach and customer base is nationwide for network monitoring and management. The scope of this attack will not be fully realized for several months. It appears that the hackers went after the highest value government targets first, but many more government and private business networks may already be compromised.  

Attacks like this point out the vigilance required by all managed service providers when it comes to shoring up their network security. Reuters reported this week that SolarWinds was alerted as far back as 2017 that exploits to its network were being sold on dark web forums. One security researcher even stated that SolarWinds update server could be easily accessed with minimal hacking ability. 

What Should SMB's Do To Be Safe?  

There's some good news for Microsoft users. Starting today (December 16th) Microsoft Defender Antivirus will block and isolate malware-infected versions of the SolarWinds app. 

If you are a Solar Winds customer, immediately upgrade to Orion Platform release 2020.2.1 HF 1, which is currently available via the SolarWinds Customer Portal.

SolarWinds has also released additional mitigation and hardening instructions at https://www.solarwinds.com/securityadvisory.

If you're not a Solar Winds customer, now is still a great time to contact your cyber security and IT support team to make sure attacker activity is not discovered in your environment.

If you don't already have one, work with experts to design a remediation strategy to know exactly what you should do if your environment gets impacted by a breach. 

Do you need an IT Support Partner who understands network security in the face of today's threats? Contact Us Today

PTG offers Cyber education advanced cybersecurity and phishing tests for your employees.

(We'd like to thank one of our Cyber SOC partners, Arctic Wolf Networks for contributing to this report.)

Additional References to keep up with this on-going attack. 

Related Posts

tattered-paper-airplane-sign-fallen-in-front-of-white-brick
How to Protect Your Business From This $43B Scam
- First, the FBI recently reported business email compromise attacks were up 65% from July 2...
metal-shield-on-white-plaster-background
Mastering Cyber Insurance: From Risk to Resilience
- In an era where businesses rely heavily on technology and digital operations, the threat o...
woman-in-front-of-board-of-fabric-on-mac-laptop
How to Stay Safe Online: 7 Tips we Learned from Cybersecurity Awareness Month
- Feel like you're in an eternal game of cat-and-mouse with cyber attackers? Well, welcome t...