08-December-2020 marked one of the most sophisticated cybersecurity espionage events in US history. FireEye, a top US cybersecurity research firm, identified and reported a breach of the SolarWinds Orion Platform, which organizations use to manage their IT infrastructures. FireEye has named the malware infecting the SolarWinds Orion component “SUNBURST” and has provided detailed information on the attack. SolarWinds has also issued an advisory on the incident.
Recently CISA-DHS issued a directive for all federal agencies not to install any updates from SolarWinds until further notice and to keep such systems disconnected or powered down.
Does this affect ControlCase customers?
ControlCase does not use the affected products or services of the affected organizations.
Even though there is no evidence that ControlCase is affected by this threat, we are constantly monitoring the developments of these attacks and evaluating any potential threats that may affect our network or systems. ControlCase is continuously updating its detection and protection tools to include the latest verified signatures of SUNBURST malware. We are also using the available information to further strengthen our procedures and practices and ensure that such attacks are avoided.
What to do if your organization uses SolarWinds components?
If your organization uses SolarWinds products, the following are some suggested actions:
- Detect whether any systems are running an impacted version of the SolarWinds Orion Network Monitoring Product: versions 2019.4 HF 5, 2020.2 (no hotfix) or 2020.2 HF 1, released between March 2020 and June 2020.
- Click Here for instructions on how to check the version of Orion Platform. Click Here to check which hotfixes are applied.
- If any system is observed to be running these versions, it is strongly recommended to conduct an in-depth forensic analysis of the systems and the network for any attack or breach indicators.
- The SolarWinds advisory includes instructions to update the affected software and take additional steps to secure the setup.
- Most endpoint detection tools have released IOCs for SUNBURST. It is recommended to ensure that your endpoint detection tool is capable of identifying these indicators and has been updated to do so.
Vendor risk management is the process organizations use to understand the risks that exist and the risks that they assume due to their business relationships with third-party vendors.
Recommended ControlCase Solution – Vendor Risk Management
The ControlCase Vendor Risk Management Service utilizes a Regulatory Audit to help clients implement and manage a flexible and scalable program that verifies and validates the information security management controls and processes that your third-party business associates have designed and implemented to protect sensitive information.