By now, you have probably heard of the SolarWinds hack that is being called the largest such hack of the U.S. Government (and most of the Fortune 500) in at least a decade. CynergisTek, Inc.’s Chief Information Security Officer (CISO), Thomas Graham, gives his outlook and provides recommendations on this egregious hack of a lifetime:
The impacts of the SolarWinds hack are still being determined and may reach further than just those who used the SolarWinds Orion module. Microsoft has recently notified a number of companies that were impacted ancillary to the SolarWinds hack, because attackers were able to jump from one compromised solution to another. Additionally, a second backdoor has been found in the compromised package, which points to more than one potential malicious actor.
With these ongoing revelations, my own opinion is that the SolarWinds hack will be more far-reaching than we will probably know; regardless, government and enterprise organizations alike should be operating with a heightened sense of urgency. Currently, it appears that the attackers limited their malicious activity to viewing/reading real data rather than destroying/modifying it. However, this is still a large concern, and as the investigation continues the picture of the attackers' activity may be updated. Additionally, be aware that when someone says there is “No evidence of compromise,” this simply means they could not find any evidence, not that a compromise did not actually occur: attackers are often fond of destroying the logs that indicate who/what/where/when/how they accessed files/systems.
With this in mind, I recommend organizations take the following steps to combat potential SolarWinds impacts:
- Initiate an in-depth review of your configurations and protections to ensure you have proper alerting in place for any new elevated accounts.
- Implement additional alerts for certain activities, such as updates to existing, published software packages.
- Most importantly, CHANGE DEFAULT PASSWORDS!
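As an added illustration of the first recommendation (alerting on new elevated accounts), the following script is example code written for this post, not CynergisTek's or SolarWinds' own tooling. It runs detection logic over a few constructed audit lines in a simplified key=value form modelled on Windows security events (4720 account created; 4728/4732/4756 member added to a security-enabled group); the line format, group names and 24-hour window are assumptions to adapt to your own SIEM.

```python
"""Added example: flag accounts promoted into privileged groups, and raise the
severity when the account itself was only just created (a classic sign of a
rogue elevated account). Log lines below are constructed, not real telemetry."""
from datetime import datetime, timedelta
import re

# Constructed sample audit lines (assumption: your collector emits key=value
# fields in a similar shape; adjust LINE_RE/KV_RE to match your real format).
SAMPLE_LOG = """\
2020-12-14T10:01:02Z EventID=4720 Subject=CORP\\admin.jane Target=CORP\\svc_backup
2020-12-14T10:01:40Z EventID=4728 Subject=CORP\\admin.jane Member=CORP\\svc_backup Group="Domain Admins"
2020-12-14T10:05:00Z EventID=4728 Subject=CORP\\admin.jane Member=CORP\\jdoe Group="Remote Desktop Users"
2020-12-14T11:30:10Z EventID=4732 Subject=CORP\\svc_orion Member=CORP\\maint01 Group=Administrators
"""

PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators", "Schema Admins"}
GROUP_ADD_EVENTS = {"4728", "4732", "4756"}  # member added to global/local/universal group
ACCOUNT_CREATED = "4720"
NEW_ACCOUNT_WINDOW = timedelta(hours=24)   # assumption: "new" means created within a day

LINE_RE = re.compile(r'^(?P<ts>\S+) EventID=(?P<eid>\d+) (?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')  # key=value or key="quoted value"

def parse_line(line):
    """Turn one audit line into a dict of fields; returns None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {k: (quoted or bare) for k, _, quoted, bare in KV_RE.findall(m.group("rest"))}
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    fields["EventID"] = m.group("eid")
    return fields

def detect_new_elevated_accounts(log_text):
    """Return one alert per addition to a privileged group, in log order.
    Severity is 'high' when the promoted account was created within NEW_ACCOUNT_WINDOW."""
    created = {}   # account -> creation timestamp observed earlier in this log
    alerts = []
    for ev in filter(None, map(parse_line, log_text.splitlines())):
        if ev["EventID"] == ACCOUNT_CREATED:
            created[ev["Target"]] = ev["ts"]
        elif ev["EventID"] in GROUP_ADD_EVENTS and ev.get("Group") in PRIVILEGED_GROUPS:
            member = ev["Member"]
            recent = member in created and ev["ts"] - created[member] <= NEW_ACCOUNT_WINDOW
            alerts.append({"severity": "high" if recent else "medium",
                           "member": member, "group": ev["Group"], "by": ev["Subject"],
                           "reason": "brand-new account promoted" if recent
                                     else "privileged group membership added"})
    return alerts
```

Running `detect_new_elevated_accounts(SAMPLE_LOG)` yields two alerts: a high-severity one for `svc_backup` (created 38 seconds before joining Domain Admins) and a medium one for `maint01` joining Administrators; the Remote Desktop Users change is ignored.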
I recommend all of these steps regardless of whether you directly utilize SolarWinds, and I recommend communicating why this is being done to the larger organization to increase awareness. As always, with anything of this magnitude, if you have any questions or think something “wonky” is going on with your organizational systems, reach out to your IT department or CISO. After all, your employees, coworkers, and YOU are the last line of defense!
CISO, CynergisTek Inc.