12.18.2020

What You Should Know About the SolarWinds Nation-State Hack

Last updated: 1.19.2021, 3.1.2023

Those of us in the IT community have likely heard that within the past two weeks, government agencies and private enterprises alike have suffered major information security breaches. At this time it has become clear that a sophisticated, likely state-sponsored attack group is the probable culprit; the group tracked as Cozy Bear (APT29) has been named as a suspect.

Lunavi has received numerous inquiries about our possible exposure to the compromised SolarWinds software behind these attacks. We do not believe any of our systems are at risk. We have active tickets open with the relevant partners and are keeping a close eye on the situation as it develops.

While our team is prepared to execute remediation efforts should they be required, your staff and leadership should also be aware of the full extent of this significant hack. Even if you are unaffected, this is a reminder that now is always the best time for a security audit.

Are Lunavi systems at risk?

Lunavi does not run the compromised Orion software, but we do run N-central, another SolarWinds product. At this time we have confirmed that the N-central version we run, 2020.1.2.326 (2020.1 HF2), is not impacted; the older version identified as affected is 12.3.0.670. We are in touch with SolarWinds and will be monitoring the situation as it continues to evolve.

What is the extent of the hacks?

On December 8th, information security vendor FireEye reported a likely nation-state intrusion in which its red team assessment tools (tools that mimic real attacker techniques) were accessed. While the company reported no evidence of the tools having been used, it has since come to light that this intrusion was carried out through a compromised update to SolarWinds Orion network management software.

The same compromised software has apparently been used to breach numerous private companies and public agencies, including the Treasury Department, the Pentagon, and the Department of Energy.

The full extent of the hack is not yet known, but Orion is used by tens of thousands of organizations, and SolarWinds has estimated that up to 18,000 customers installed the affected update. The compromised update used for the hack was first distributed in March of 2020.

How were the hacks executed?

This is what is known as a supply chain attack: the attacker compromises a legitimate software build or distribution pipeline and injects malicious code, so that the resulting package reaches users through the vendor's normal channels and appears legitimate. In this specific case, the hacking group was able to get into SolarWinds' development operations and insert malware into an Orion software update. The tampered update was signed with SolarWinds' own code-signing certificate, so it passed the signature checks customers normally rely on.

Initial analysis indicates that the techniques used to gain access to SolarWinds' systems were highly sophisticated and potentially novel.

Once the compromised software is installed, the attackers can execute commands on the Orion server, harvest credentials, and use them to move laterally and compromise additional machines within the network.

What can I do if my systems are at risk?

Of course, this only applies if you are running a SolarWinds Orion product. SolarWinds has published an advisory listing the affected versions, which you can view here.

In addition to patching your SolarWinds products to the latest version, you should activate your incident response protocols and begin forensic investigation and remediation as needed. Because the attackers had a long dwell time on affected hosts, preserve evidence (disk and memory images, logs) before you patch or rebuild, and treat credentials that were reachable from the Orion server as potentially compromised.

CISA and DHS have also provided a list of mitigation actions to take (CISA Emergency Directive 21-01).
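As an added example of the first triage steps described above (this is not code from the original post, from SolarWinds, or from CISA), the PowerShell below does two things on a Windows host: it locates the Orion component that carried the backdoor, SolarWinds.Orion.Core.BusinessLayer.dll, and reports its version, SHA256 and Authenticode signature; then it searches a DNS log for queries to avsvmcloud.com, the domain the backdoor used for command and control. The install roots and the DNS log line format are assumptions, and the log lines are constructed for illustration.

```powershell
# Added triage example (not from the original post, SolarWinds, or CISA).
# Assumptions: run as an administrator on a Windows host that may have Orion
# installed; the default SolarWinds install roots are used; the DNS log is a
# plain-text export with one query per line containing "query: <name>".

$ErrorActionPreference = 'Stop'

# 1. Locate the Orion DLL that carried the backdoor and record its identity.
$Roots = @("${env:ProgramFiles(x86)}\SolarWinds", "$env:ProgramFiles\SolarWinds")
$dlls = $Roots | Where-Object { Test-Path $_ } | ForEach-Object {
    Get-ChildItem -Path $_ -Recurse -Filter 'SolarWinds.Orion.Core.BusinessLayer.dll' -ErrorAction SilentlyContinue
}

if (-not $dlls) {
    Write-Host 'No Orion BusinessLayer DLL found; this host is probably not running Orion.'
} else {
    foreach ($dll in $dlls) {
        $sig  = Get-AuthenticodeSignature -FilePath $dll.FullName
        $hash = (Get-FileHash -Path $dll.FullName -Algorithm SHA256).Hash
        [pscustomobject]@{
            Path        = $dll.FullName
            FileVersion = $dll.VersionInfo.FileVersion
            SHA256      = $hash
            # A 'Valid' status does NOT prove the file is clean: the trojanized
            # build was signed with SolarWinds' own certificate.
            SigStatus   = $sig.Status
            Signer      = $sig.SignerCertificate.Subject
        }
    }
    # Compare FileVersion against the affected builds in SolarWinds' advisory, and
    # SHA256 against published indicators obtained from an independent source.
}

# 2. Hunt DNS logs for the backdoor's command-and-control domain.
#    The backdoor resolved attacker-controlled subdomains of avsvmcloud.com.
$C2Domain = 'avsvmcloud.com'

# Constructed sample log lines standing in for a real DNS log export.
# The first label of the suspicious name is made up; the real backdoor used
# names of the form <encoded-data>.appsync-api.<region>.avsvmcloud.com.
$dnsLog = @(
    '2020-12-14 02:11:09 10.0.5.21 query: updates.microsoft.com',
    '2020-12-14 02:11:14 10.0.5.40 query: 7sbvaemscs0mc925tb99.appsync-api.us-west-2.avsvmcloud.com',
    '2020-12-14 02:12:01 10.0.5.21 query: intranet.corp.local',
    '2020-12-14 02:12:30 10.0.5.40 query: avsvmcloud.com.evil.example'   # must NOT match: wrong suffix
)

$hits = $dnsLog | Where-Object {
    if ($_ -match 'query:\s+(\S+)') {
        # Match on the domain suffix, not a substring, so look-alike names
        # such as avsvmcloud.com.evil.example are not flagged.
        $name = $Matches[1].TrimEnd('.').ToLower()
        ($name -eq $C2Domain) -or $name.EndsWith(".$C2Domain")
    }
}

if ($hits) {
    Write-Warning "Possible SUNBURST command-and-control lookups found:"
    $hits
} else {
    Write-Host "No queries to $C2Domain found in the supplied log."
}
```

Run this on each Orion server and on whatever system holds your DNS query logs. Any hit on the C2 domain, or a DLL whose version falls in the affected range, is a reason to isolate the host and move to full incident response rather than simply patching.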

How can I be better prepared for cyberattacks?

Large-scale attacks always serve as a strong reminder to bolster your information security posture. In light of this attack, you should implement a third-party risk management program that assesses and continuously monitors your vendors and the software they deliver, including how updates reach your environment.

Your complete approach to information security should also include strong password policies including multi-factor authentication, regular user training and testing on common attack methods such as phishing, and security information and event management (SIEM) tools with visibility across your entire IT infrastructure and user devices.

If you need assistance executing any aspect of your infosec strategy, Lunavi would be happy to help you identify the right combination of tools and processes to strengthen your protection and response capabilities.
