Network monitoring software vendor SolarWinds announced this past weekend that they were the victim of a cybersecurity attack that culminated in a remote access “backdoor” being deployed in some of their products.
This backdoor — dubbed SUNBURST — could allow a remote attacker to take control of servers running the affected software and then launch further attacks that could lead to data theft or ransomware.
If you have been contacted by SolarWinds informing you of the vulnerability, it’s critical that you follow their recommended remediation guidance.
SolarWinds is a widely used monitoring platform, and we feel it’s important to share this with you and provide you with information on how to determine whether this affects your organization and what you can do to mitigate any exposure you face.
Here’s some direct information to help:
- Review the SolarWinds security advisory and determine whether you use the impacted platform. If so, update the Orion servers to remove the vulnerability.
- If you can’t immediately update affected servers, be sure to follow the additional security guidelines SolarWinds provided in their advisory.
- If you want more technical information on how the attack happened, read the FireEye analysis. It also includes indicators of compromise you can use to determine whether your particular environment has been exploited.
Wipfli provides services designed to help our clients prevent cybersecurity attacks from happening, as well as increase the detective capabilities necessary to help identify malicious activity occurring in the network. Please contact your Wipfli advisor if you’d like more information.