Has Your Organization Been Breached By SolarWinds Malware?

Although mainstream media coverage of the massive SolarWinds hack seems to indicate the danger is over, the sophisticated hackers may still be hiding in plain sight.

Microsoft recently uncovered at least three strains of malware deployed by the alleged Russian hackers. This new revelation raises alarms across industries that the SolarWinds attacks may not be over. The question business professionals need answered is whether their network has been breached and whether cybercriminals are actively copying and selling digital assets on the dark web.

What Is The SolarWinds Hack?

Highly skilled cybercriminals reportedly penetrated a SolarWinds system known as “Orion.” These stealth hackers managed to insert malicious code into its software products, and that code was inadvertently distributed to the outfit’s 33,000 customers in the form of updates.

This code created secret backdoors that allow digital thieves and spies to infiltrate wide-reaching networks, including government agencies such as the Department of Homeland Security and Treasury Department, among others. The so-called SolarWinds attacks were not limited to government targets. Malicious code has been identified in private sector organizations, and the full breadth of the cyberattacks remains unknown.

So pervasive and potentially destructive is the SolarWinds attack that Congress held hearings to get a handle on its business and national security implications. Under intense questioning by lawmakers, an official from SolarWinds reportedly blamed the breach on an intern who ignored the corporation’s cybersecurity protocols. According to news reports, the intern used the weak password “solarwinds123” and posted it online. Cybersecurity experts attribute upwards of 95 percent of breaches to human error.

Who Has Been Impacted By The SolarWinds Attacks?

To say the attacks blindsided private businesses and government agencies would be something of an understatement. Government-vetted firms such as FireEye were compromised due to the sophisticated methods used to hide the malicious code in software updates. The widespread embarrassment from organizations previously considered among the most secure has led many to believe critical information continues to be withheld. Much of the information released about the devastating breaches fails to identify the organizations that have been breached.

On the one hand, working with SolarWinds as a vendor or customer does not necessarily mean that an organization suffered a breach. But by that same token, the supply chain nature of the cyber-attack suggests that outfits outside direct Orion software users could be infected right now. That’s largely because congressional hearings and investigative reports indicate the hackers possess heightened skills, appear well-funded, and demonstrate a determination to hide in networks as long as possible to pilfer digital assets and valuable personal data. SolarWinds appears to be an ongoing cybersecurity nightmare that should worry industry leaders.

How To Know If You Have Suffered A SolarWinds Breach

As Microsoft and others continue to ferret out malicious strains of code, cybersecurity responses are being developed. Industry leaders who are concerned their organization may have been compromised have access to open-sourced CodeQL queries. These are being rolled out by Microsoft to investigate incidents of SolarWinds Orion malware lying hidden in networks.

Microsoft offers concerned parties free access to its cybersecurity software that was crafted to hunt down this malware. Decision-makers would also be wise to take the following proactive measures to ensure the integrity of their digital assets.

  • Enforce Strong Password Policies
  • Use Multi-Factor Authentication For Employee Login
  • Backup Data To Cloud & Offline Resources
  • Monitor Third-Party Controls & Interactions
  • Develop A Company-Wide Cybersecurity Policy
  • Require Employees To Undergo Cybersecurity Awareness Training
  • Maintain Enterprise-Level Firewalls & Virtual Private Networks

The SolarWinds attack highlights how clever, well-financed hackers can infiltrate seemingly impenetrable defenses such as the Department of Homeland Security. That’s why it’s essential for organizations to harden their cybersecurity defenses and deter emerging threats. However, the average business with even sound cybersecurity protections in place was no match for these Russian hackers. If you are concerned your network has been compromised through the SolarWinds supply chain or by other threat actors, contact a cybersecurity expert and have your system analyzed and penetration tested.
