You are probably familiar at this point with the security attacks against FireEye and SolarWinds. The GreenPages Team has been digging into the incidents and collecting information on how best to inform our network. We hope you find this insight useful.
The details as we know them:
- What happened is a nation-state style attack. This is not the work of script kiddies (if they even exist anymore), a gang, or even tier 2 professionals. If it is as FireEye has described, this was the best-of-the-best computer scientists out there working to take them down.
- This was not a random attack. For a nation-state attack to occur and for the organization to be willing to "burn" tools (burn = expose unknown weaknesses and exploits so that the exploits can't be used again), there would need to be clearance to do so at the highest levels of government.
- A nation-state attacker has unlimited resources, and for something like this to occur at this level, it is highly likely this attack was politically motivated; so unlimited truly means unlimited.
Unfortunately, we may never find out the exact details of what happened. Scratch that, we will never find out all the details. This event should bring to light how vulnerable all of us are and why continuous diligence is critical to protecting our networks.
As we all know, anyone can be hacked, any environment can be breached, and anyone can accidentally lose data. It happens. It is shocking and upsetting to see pillars in the security tools community attacked. Our stance has been and continues to be the following:
- Clean up and lock down Active Directory
- Strong passwords - the longer the better
- Accounts with elevated privileges should not be able to access the internet
- MFA for everyone and everything
- SSO is the way to go
- Layer the tools to identify different types of malicious behaviors and anomalies
- SIEM & SOC services provide 24x7 monitoring and evidence collection
- Security Awareness training matters
It is important that our clients stay more diligent than ever and that security awareness is raised inside your organizations. GreenPages is here to help you achieve the best levels of protection possible.
Whether firewalls, endpoint security, SOC2, or CMMC, GreenPages can help you select tools, layer security, select certifications, and manage all of this as you need. Reach out to us.