Security Bulletin: SolarWinds Security Advisory

We want to make you aware of a recently announced security advisory impacting software from SolarWinds.

This vulnerability impacts their Orion Monitoring Platform and could allow malicious actors to access your monitored systems, deliver malware (called SUNBURST) or perform other unauthorized activities.

SolarWinds has published an advisory recommending that all users upgrade to the newest version and also apply a HotFix, which is scheduled to be available on Tuesday, December 15th, 2020.

Additional details are available by visiting https://www.solarwinds.com/securityadvisory. 


Additional Resources

Here are additional links to related information, including detection options, setting updates to identify and stop this activity, GitHub postings and other helpful updates:

Department of Homeland Security: https://cyber.dhs.gov/ed/21-01/

Microsoft: https://www.microsoft.com/security/blog/2020/12/15/ensuring-customers-are-protected-from-solorigate/

Palo Alto Networks: https://unit42.paloaltonetworks.com/fireeye-red-team-tool-breach/

Fortinet: https://www.fortiguard.com/threat-signal-report/3770/supply-chain-attack-on-solarwinds-orion-platform-affecting-multiple-organizations-worldwide-apt29

Crowdstrike: https://www.crowdstrike.com/blog/identity-security-lesson-from-recent-high-profile-breaches/

F5: https://devcentral.f5.com/s/articles/F5-SIRT-FireEye-SolarWinds-Guidance-Update


This highlights the challenges of running Network Monitoring Software (NMS) in your environment. An NMS is designed to provision, discover, monitor, and maintain computer networks, and to do so most NMS systems require access to the monitored systems. So how do you monitor your monitoring system?

It comes down to defining what activity is expected and unexpected from the NMS, and integrating the monitoring and reporting of that activity into your security posture. Most NMS products offer this capability, but it is often not implemented or is overlooked during deployment, which increases the potential impact if and when the NMS is compromised.
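As an added illustration of the baseline-and-alert approach described above (example code, not part of the original bulletin): compare the NMS server's outbound flows against an allow list of the systems and ports it is expected to reach, and report anything else. The NMS address, allow list, internal ranges and flow log format are all constructed for this example.

```python
"""Flag NMS server network activity that falls outside an expected baseline."""
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

# Constructed example: address of the NMS server whose traffic we audit.
NMS_IP = "10.0.0.5"

# Constructed baseline: monitored system -> ports the NMS is expected to use.
# In practice this is derived from the NMS inventory of monitored systems.
EXPECTED_FLOWS: Dict[str, Set[int]] = {
    "10.0.1.10": {161, 22},    # core switch: SNMP, SSH
    "10.0.2.20": {161, 5985},  # Windows host: SNMP, WinRM
    "10.0.3.30": {161},        # firewall: SNMP only
}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # constructed range


def classify_flow(dst_ip: str, dst_port: int) -> Optional[str]:
    """Return a reason if the flow is outside the baseline, else None."""
    addr = ipaddress.ip_address(dst_ip)
    if not any(addr in net for net in INTERNAL_NETS):
        return "outbound to non-internal address"
    if dst_ip not in EXPECTED_FLOWS:
        return "destination is not a monitored system"
    if dst_port not in EXPECTED_FLOWS[dst_ip]:
        return f"unexpected port {dst_port} for monitored system"
    return None


def audit(lines: List[str], nms_ip: str = NMS_IP) -> List[Tuple[str, str, int, str]]:
    """Scan flow records ('<ts> <src_ip> <dst_ip> <dst_port>', a constructed
    format) and return (ts, dst, port, reason) for each unexpected NMS flow."""
    alerts = []
    for line in lines:
        ts, src, dst, port = line.split()
        if src != nms_ip:          # only the NMS server's own traffic matters here
            continue
        reason = classify_flow(dst, int(port))
        if reason:
            alerts.append((ts, dst, int(port), reason))
    return alerts


# Constructed sample flow log: three expected flows, three deviations, one non-NMS flow.
SAMPLE_FLOWS = [
    "2020-12-14T01:00:00Z 10.0.0.5 10.0.1.10 161",
    "2020-12-14T01:00:05Z 10.0.0.5 10.0.2.20 5985",
    "2020-12-14T01:00:09Z 10.0.0.5 10.0.3.30 22",
    "2020-12-14T01:00:12Z 10.0.0.5 10.0.9.99 445",
    "2020-12-14T01:00:20Z 10.0.0.5 203.0.113.7 443",
    "2020-12-14T01:00:25Z 10.0.2.20 10.0.1.10 161",
]

if __name__ == "__main__":
    for alert in audit(SAMPLE_FLOWS):
        print(*alert)
```

Feeding these alerts into the SIEM alongside the NMS's own audit log is what turns the baseline into something the security team actually acts on.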

The good news is that this can be corrected even for currently deployed NMS environments, and we can help, but we need to start now.

Patrick Zanella, CISO, Security Practice Lead
T: 781-761-7594 C: 774-280-0121