As of last night, a major incident was identified with SolarWinds.
SolarWinds provide cybersecurity products and services across many sectors in different parts of the world.
The SolarWinds Orion product is believed to be compromised during the supply chain process unbeknownst to the service provider and their clients. It was reported that as part of the software updates that occurred during Q2, an advance persistent threat (APT) malware was introduced into their clients’ network.
Cyber breach of this nature is alarming for many reasons. The main one is the ability for the bad actor to infiltrate the network and persistently source company or in most cases agency data undetected.
The malware is a sophisticated malicious attack that was created to implement several attack vectors to gain access to the network.
I can tell you, there will be several studies about this attack for years to come.
The best thing to do now is to review your cybersecurity program to make sure you have a sufficient incident response process to handle this and other incidents. As soon as possible, change your passwords. The bad actors (nation-states) have had sufficient time on networks to collect passwords.
It is also critical for you to follow the direction of your cybersecurity team or provider.
Make sure the passwords are at least 8 characters long with special characters (symbols and numbers).
Firms should be reviewing their audit logs to identify any abnormalities and vulnerability scans on a regular basis.
Work with your cybersecurity team/provider to ensure that your firm is not caught in what may be a calculated attack.
A Note to Financial Firms:
As a former CCO, I have been in your shoes. I remember when the NotPetya attack occurred in 2018. Clients, vendors, and regulators were all asking how the firm addressed the attack. So be proactive now and as always document everything, because your firm’s response to this incident will be part of a due diligence questionnaire coming soon.
More info about the attack: — SOLARWINDS ATTACK Forbes’ Article
Reach out to CybSecWatch for more information and tips to strengthen your program today.
12/14/20