As you’ve likely seen reported, SolarWinds discovered a supply chain attack compromising their Orion business software updates that distributed malware known as SUNBURST. The malware permits an attacker to gain access to network traffic management systems, and the attacker can leverage this to gain elevated credentials. This compromise was used to target the cybersecurity firm FireEye, as well as multiple U.S. government agencies. For more information on the details of the breach, please see the advisory from the Cybersecurity & Infrastructure Security Agency.
Holistic IT Actions for our Security Products
Firstly, Holistic IT does not use any SolarWinds or FireEye products internally or externally for clients. However, we are following the developments of this news closely and ensuring that we validate our processes and environment as new information becomes publicly available.
The security of our services, products, our clients, and our client data is of critical importance, and while we have no evidence to suggest that any of our systems are involved or impacted, below are the following actions we are proactively taking while this cyber event unfolds:
- Our partner Security Operations Center (SOC) will continue to carefully monitor the situation. Regarding the SUNBURST malware, the SOC has taken actions to blacklist the known IOCs related to the compromised files globally on our next-gen Cyber Security as a Service next-ge platform.
- Although our security platform is not affected by this event, we are considering its impacts and use it as an opportunity to seek improvements in our own processes and controls.
Recommendations for Clients
If your organisation utilises SolarWinds or your current IT provider has supplied you or uses SolarWinds, be sure to stay current on the recommendations and hotfixes from SolarWinds directly. Review their Security Advisory page for updated information fixes.
As always, if you ever see anything that you suspect may be malicious or fraudulent activity within our products, please report them immediately to our team at firstname.lastname@example.org
- Threat Research from FireEye on Sunburst malware
- Microsoft Security Response Center blog
We will continue to provide updates and information as necessary, and we encourage you to visit and bookmark our News Pages for ongoing updates and information as it relates to Holistic IT.