GreenPages Blog

The SolarWinds Orion Cyberattack: Latest Security Updates and Guidance for All Organizations

What We Currently Know

We’ve all been following the news about the SolarWinds supply chain attack where threat actors exploited the company’s Orion software update to plant malware on corporate and government networks. The situation continues to unfold with new headlines announcing the scale of the attack, including an additional threat actor believed unrelated to the first attack.

From a security standpoint, two things stand out about Microsoft's swift response to the breach. Microsoft seized the malware's command-and-control domains, which halted malicious activity for most customers; but for customers where a command-and-control session had already been established, the threat actor had gained access and set up out-of-band persistence, leaving those environments compromised. Microsoft has also published customer guidance on the threat actor's forging of SAML tokens.

On Saturday, December 19, CISA updated its initial alert to state that there was evidence of intrusions not tied to the SolarWinds Orion platform. “Specifically, we are investigating incidents in which activity indicating abuse of SAML tokens consistent with this adversary’s behavior is present, yet where impacted SolarWinds instances have not been identified. CISA is working to confirm initial access vectors and identify any changes to the TTPs.” CISA has said it will update the alert as new information becomes available.

The SAML abuse continues to be a very worrisome situation. By generating their own security tokens, threat actors effectively hold an organization’s own “keys to the kingdom,” and there is no easy way for organizations to tell that it has happened, which makes protecting themselves difficult.
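To make the detection problem concrete, here is an added example (not GreenPages' or Microsoft's code) of a Python triage heuristic run over exported SAML assertions. It flags a token whose issuer, embedded signing-certificate thumbprint, or validity window deviates from what the organization's own federation service should produce. The issuer URI, certificate bytes, and assertion XML are constructed placeholders. Because a token forged with the organization's real token-signing key passes the thumbprint check, this only narrows the search; pairing it with the federation service's own issuance logs (an assertion with no matching issuance record is the stronger signal) is the check a practitioner would want.

```python
"""Triage heuristics for exported SAML 2.0 assertions (added example, not
GreenPages' or Microsoft's code). Assumes assertions have been exported as XML
strings by a log collector; the issuer and certificate values below are
constructed placeholders."""
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed stand-ins for the DER bytes of a token-signing certificate; a real
# deployment pins the SHA-1 thumbprint shown in the federation service's config.
GOOD_CERT_B64 = base64.b64encode(b"constructed-token-signing-cert-bytes").decode()
OTHER_CERT_B64 = base64.b64encode(b"constructed-unexpected-cert-bytes").decode()
EXPECTED_ISSUER = "http://sts.example.test/adfs/services/trust"  # assumed issuer URI


def cert_thumbprint(b64_der: str) -> str:
    """SHA-1 thumbprint (uppercase hex) of a base64-encoded DER certificate,
    the form federation services display for token-signing certificates."""
    return hashlib.sha1(base64.b64decode(b64_der)).hexdigest().upper()


def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def triage_assertion(xml_text: str, expected_issuer: str, pinned_thumbprint: str,
                     max_lifetime: timedelta = timedelta(hours=1)) -> list:
    """Return a list of finding strings; an empty list means no heuristic fired.
    This does not verify the XML signature itself; it checks the metadata a
    forged token must still carry to be accepted by relying parties."""
    root = ET.fromstring(xml_text)
    findings = []

    # 1. Issuer must be the organization's own federation service.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        findings.append(f"unexpected issuer {issuer!r}")

    # 2. Embedded signing certificate must match the pinned thumbprint.
    cert_el = root.find(".//ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert_el is None or not cert_el.text:
        findings.append("no signing certificate embedded in signature")
    elif cert_thumbprint(cert_el.text.strip()) != pinned_thumbprint:
        findings.append("signing certificate does not match pinned thumbprint")

    # 3. Validity window must not exceed the token-lifetime policy.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        findings.append("assertion has no Conditions element")
    else:
        window = _ts(cond.get("NotOnOrAfter")) - _ts(cond.get("NotBefore"))
        if window > max_lifetime:
            findings.append(f"validity window {window} exceeds policy {max_lifetime}")
    return findings


def build_assertion(issuer: str, cert_b64: str, not_before: str, not_on_or_after: str) -> str:
    """Construct a minimal assertion skeleton for the demo (signature value is a dummy)."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}" ID="_constructed" Version="2.0">
  <saml:Issuer>{issuer}</saml:Issuer>
  <ds:Signature><ds:SignedInfo/><ds:SignatureValue>AAAA</ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </ds:Signature>
  <saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}"/>
</saml:Assertion>"""


# Constructed samples: a normal one-hour token, and a token with an unexpected
# certificate and a one-year validity window.
GOOD_ASSERTION = build_assertion(EXPECTED_ISSUER, GOOD_CERT_B64,
                                 "2020-12-19T10:00:00Z", "2020-12-19T11:00:00Z")
SUSPICIOUS_ASSERTION = build_assertion(EXPECTED_ISSUER, OTHER_CERT_B64,
                                       "2020-12-19T10:00:00Z", "2021-12-19T10:00:00Z")

if __name__ == "__main__":
    pinned = cert_thumbprint(GOOD_CERT_B64)
    for label, xml_text in [("good", GOOD_ASSERTION), ("suspicious", SUSPICIOUS_ASSERTION)]:
        print(label, triage_assertion(xml_text, EXPECTED_ISSUER, pinned) or ["no findings"])
```

Run over a batch of exported assertions, any finding is a reason to correlate the token with the federation service's issuance log and with the sign-in it was presented for; the thumbprint check in particular should be rotated together with the token-signing certificate if the certificate is suspected compromised.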


How GreenPages Is Protecting Clients

GreenPages believes that all companies should take a fresh look at their own security posture, as well as the posture of any networks they interact with and trust. There is no organization that runs a completely airtight ship, with human error being the wild card factor that technology can’t always solve.

In that vein, even though GreenPages does not run, operate, or manage the known vulnerable code, we have been in contact with customers who have purchased SolarWinds through us, and are taking a fresh look at our own posture and proactively implementing additional security measures as a result.

From an overall security strategy standpoint, GreenPages offers a wide range of Cybersecurity and Risk Advisory Services that give clients the latest security approaches to implement, configure, secure, and manage their environments. From security policy creation and platform and tool selection to technology implementation and infrastructure hardening, our security engagements can help.

From a Managed Security and Managed SOC standpoint, GreenPages offers comprehensive MDR and Managed SOC services for monitoring, alerting, awareness, and incident response: we collect log and other data (with a variety of tools, including our own RECON platform), run it through detection analytics, and have analysts review the results for malicious behavior and respond to incidents. Two of our top security partners are Arctic Wolf and NetEnrich, both leaders in the field.


Guidance for Organizations

Here’s a link to additional articles for the latest background information as well as prescriptive technical guidance:

How to Engage with GreenPages for Help

As we all know, this is a wide-ranging, dangerous, and continuously unfolding cyberattack. GreenPages is vigilantly monitoring the situation and our engineers are standing by to provide you with any guidance you need. Reach out to us.

