Following our Cyber Alert earlier this week, “Major Breach Affects Government and Businesses Worldwide,” many extraordinary steps have been taken by industry leaders to respond to what may be the most material global intrusion campaign of the past decade. SolarWinds® U.S. Securities and Exchange Commission filing reported 18,000 customers were impacted, including cybersecurity firm FireEye, the U.S. Securities and Exchange Commission, Microsoft®, the U.S. Treasury Department, the U.S. Department of Commerce's National Telecommunications and Information Administration (NTIA), The Department of Health's National Institutes of Health (NIH), the Cybersecurity and Infrastructure Agency (CISA), the Department of Homeland Security (DHS), the U.S. Department of State, and other notable institutions.
Of those affected, Microsoft led aggressive steps to counter the SolarWinds supply chain breach. In response to what Microsoft has called the Solorigate threat (FireEye has called it SUNBURST), it has added Solorigate to its malware detection agent and led a coalition of tech giants taking legal action to seize the campaign’s command and control domain avsvmcloud[.]com; crippling its infrastructure. Microsoft went a step further in neutralizing the threat by not only alerting of the threat, but actively blocking it, an action that is typically left to system engineers and IT staff to address given the possible system instability that might ensue. This move likely provides other anti-malware providers precedence in doing the same.
Given the growing list of prominent victims in this attack, many that rely on those parties for their services may also be impacted. It would be prudent to ensure with third-parties and their vendors (your fourth-parties) that sensitive data have not been affected, and if they have been affected, to what degree and what remediation steps they have taken.
ACA Additional Guidance
ACA is processing vendor questions on behalf of Aponix Protect and VMOS clients to ascertain clients’ exposure to these types of breaches; the analyses of which will be available in the Aponix portal as they become available.
In addition to ACA’s previous guidance (provided below), ACA Aponix recommends taking the following actions:
- Identify which of your third-parties or fourth-parties that have custody of your sensitive data or maintain access to it may be affected.
- Request from third-parties information about the breach impact and scope.
- Monitor those third-parties for updates.
- If applicable, ensure you and your investments are not affected and maintain sound software development practices to prevent malicious code injection.
- Continue to update counter-threat tools to minimize exposure and monitor recommendations provided by tool providers.
Previous ACA Guidance
The SolarWinds breach is shocking in its far-reaching nature, and its ability to affect top tiers of government and industry, both in the U.S. and internationally. It highlights the continued need for vigilance in the face of cybersecurity attacks, originating both from individual actors and on the nation-state level.
ACA Aponix recommends taking the following actions regarding the breach:
- Immediately follow the recommendations provided by CISA in its emergency directive. The recommendations may require IT and cybersecurity expertise. If necessary, reach out to trusted third-party providers for assistance.
- Once recommendations are implemented, ensure that SolarWinds Orion software is updated to its latest version, per the firm’s recommendations.
- Assess your Office 365 configuration to ensure that maximum protection is afforded against this and other potential vulnerabilities.
- Monitor system logs and other security resources for unusual activity.
- Assure that data backup and related resiliency plans are up-to-date and functional.
- Review and update existing incident response plans to prepare reaction in the event of a breach.
- Strongly encourage third-party vendors to follow directions and information related to this breach.
- Follow further CISA guidance as it becomes available.
How We Help
ACA Aponix offers the following solutions that can help your firm in light of the discovered vulnerability, software patching programming, Office 365 security configuration, and with data security in general.
- Microsoft® Office 365® security assessment
- Threat intelligence
- Cyberincident response planning
- Cybersecurity and technology risk assessments
- Vendor management and due diligence
- Penetration testing and vulnerability assessments
- Policies, procedures and governance
If you have any questions, please contact your ACA Aponix consultant or email us at firstname.lastname@example.org.