On Sunday, the 13th of December, SolarWinds Orion* a software application for IT inventory management and monitoring disclosed that a nation-state hacker group breached its network and inserted malware in the updates for Orion.
In their email communications, SolarWinds stated “our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 through 2020.2.1. We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed incident, as opposed to a broad, system-wide attack.
Solar Winds in a major contractor for the United State Government. Due to the magnitude and depth of this breach, the Cybersecurity and Infrastructure Security Agency issued a rare emergency directive instructing all federal civilian agencies to review their networks for possible compromise and immediately shut down the use of SolarWinds Orion products.
No matter the size of your organization, vetting of your third-party vendors is just good business practice. Some of the steps your organization can incorporate to mitigate possible risk and threats to your organization’s IT software are:
Incorporate dsyfer Essentials Technical Cybersecurity Policy Pack
Adopt the eLearning Modules for your employees
Manage your third-party vendors by creating a barrier of around your organization with our Community of Compliance software that allows the management and vetting your vendors.
Sybersafe is a trusted partner in the field of technology and cybersecurity. Our team is available to discuss your organization’s needs to determine your best course of action.
*If you own a SolarWinds Orion product, we recommend you visit www.solarwinds.com/securityadvisory for more detailed information. If you have any immediate questions, please contact Customer Support at 1-866-530-8040 or email@example.com.