GreenPages Blog

As an IT professional, you need to stay current on all things tech; with articles from industry experts and GreenPages' staff, you get the info you need to help your organization compete and succeed!

The SolarWinds Orion Cyberattack; Latest Security Updates & Guidance for All Organizations

Posted by: GreenPages
Read More
All Posts

The SolarWinds Orion Cyberattack; Latest Security Updates & Guidance for All Organizations

What We Currently Know

We’ve all been following the news about the SolarWinds supply chain attack where threat actors exploited the company’s Orion software update to plant malware on corporate and government networks. The situation continues to unfold with new headlines announcing the scale of the attack, including an additional threat actor believed unrelated to the first attack.

From a security standpoint, there were two important things to note around Microsoft and its swift response to the breach. Although Microsoft seized the domains which halted malicious activity, for customers whose command and control session was set up, the threat actor was able to gain access, resulting in out-of-band persistence and compromised environments. Here is Microsoft’s customer guidance response to the threat actors forging the SAML Tokens.

On Saturday Dec 19, CISA updated their initial alert to state there was evidence not tied to the SolarWinds Orion platform. “Specifically, we are investigating incidents in which activity indicating abuse of SAML tokens consistent with this adversary’s behavior is present, yet where impacted SolarWinds instances have not been identified. CISA is working to confirm initial access vectors and identify any changes to the TTPs.” As stated, CISA will update their alert as new information becomes available.

The SAML abuse continues to be a very worrisome situation. By generating their own security tokens, threat actors now have organizations’ own security “keys to the kingdom” and there’s not an easy way for companies to know, making it challenging to protect themselves.

 

How GreenPages Is Protecting Clients

GreenPages believes that all companies should take a fresh look at their own security posture, as well as the posture of any networks they interact with and trust. There is no organization that runs a completely airtight ship, with human error being the wild card factor that technology can’t always solve.

In that vein, even though GreenPages does not run, operate, or manage the known vulnerable code, we have been in contact with customers who have purchased SolarWinds through us, and are taking a fresh look at our own posture and proactively implementing additional security measures as a result.

From an overall comprehensive security strategy standpoint, GreenPages offers a wide range of Cybersecurity and Risk Advisory Services that provide clients with the latest security approaches to implement, configure, secure, and manage their environments. From security policy creation, platform and tool selection, technology implementation, and infrastructure hardening, our security engagements can help.

From a Managed Security and Managed SOC standpoint, GreenPages offers comprehensive MDR and Managed SOC offerings for monitoring, alerting, awareness, and incident response—from collecting log in and other types of data (with a variety of tools, including our own RECON platform) and running it through detection analytics for humans to analyze for nefarious behavior and provide incident response. Two of our top security partners include Arctic Wolf and NetEnrich—both leaders in the field.

 

Guidance for Organizations

Here’s a link to additional articles for the latest background information as well as prescriptive technical guidance:

How to Engage with GreenPages for Help

As we all know, this is a wide-ranging, dangerous, and continuously unfolding cyberattack. GreenPages is vigilantly monitoring the situation and our engineers are standing by to provide you with any guidance you need. Reach out to us.

 


Comments

Related Posts

Tech News Recap for the Week of 04/05/21

If you had a busy week and need to catch up, here’s our recap of tech stories you may have missed the week of 04/05/21!

Tech News Recap for the Week of 03/29/21

If you had a busy week and need to catch up, here’s our recap of tech stories you may have missed the week of 03/29/21!

Is It Possible for Security to Coexist with Hybrid Work Post Pandemic?

By Randy Becker, VP & Principal Security Architect The pandemic has brought new and interesting challenges for all of us to deal with and certainly the balance of supporting users working remotely while ensuring security has not been easy. Initially we all had to scramble to figure out ways to allow employees to work from home. Some crazy things happened, including people bringing their desktop PCs home, connecting home PCs (with unsupported operating systems) to corporate VPNs, etc. Now we are seeing discussions about returning to work. What does that look like and what is it called?