We're Hiring!
Take the next step in your career and work on diverse technology projects with cross-functional teams.
LEARN MORE
Mountain West Farm Bureau Insurance
office workers empowered by business technology solutions
BLOG
12
18
2020
1.28.2022

What You Should Know About the SolarWinds Nation-State Hack

Last updated:
1.19.2021
1.28.2022

Those of us in the IT community have likely heard that within the past two weeks, government agencies and private enterprises alike have suffered major information security breaches. At this time it has become clear that a sophisticated attack group, likely one associated with a nation-state such as Cozy Bear, is the probable culprit.

Lunavi has received numerous inquiries about our possible exposure to the supply chain vulnerabilities behind these attacks. We do not believe any of our systems are at risk. We have active tickets open with relevant partners and are keeping a close eye on the situation as it develops.

While our team is prepared to execute remediation efforts should they be required, your staff and leadership should also be aware of the full extent of this significant hack. Even if you are unaffected, this is a reminder that now is always the best time for a security audit.

Are Lunavi systems at risk?

Lunavi does not utilize the vulnerable Orion software but we do utilize N-Central software from SolarWinds. At this time, we have confirmed we are not impacted on version 2020.1.2.326 (2020.1HF2) and the older compromised version is 12.3.0.670. We are in touch with SolarWinds and will be monitoring the situation as it continues to evolve.

What is the extent of the hacks?

On December 8th,  information security software vendor FireEye reported a likely nation-state hack accessing infosec assessment tools which mimic cyber threat vectors. While the company did not report any evidence of the tools being used, it has come to light that this hack was perpetrated using compromised SolarWinds Orion network management software.

This software has apparently been used to breach numerous private companies and public agencies as large as the Treasury Department, the Pentagon, and the Department of Energy.

The full extent of the hack is not totally known, but the software is used by tens of thousands. The compromised software update used for the hack was distributed in March of 2020.

How were the hacks executed?

This is what is known as a supply chain attack, which intercepts legitimate software pipelines and injects malicious code. For users, the software package appears legitimate. In this specific case, the hackinggroup was able to get into SolarWinds development operations and insert malware in a software update.

Initial analysis reveals the attack processes used to access SolarWinds systems were highly sophisticated and potentially novel.

Once the compromised software is installed, hackers can execute code, sniff passwords, and compromise additional machines within the network.

What can I do if my systems are at risk?

Of course, this only applies if you are running a SolarWinds Orion product. You can view a helpful advisory of the affected versions here.

In addition to patching your SolarWinds products to the latest version, you should activate your incident response protocols and begin investigative forensics and remediation as needed.

CISA and DHS have provided a list of mitigation actions to take, including:

How can I be better prepared for cyberattacks?

Large scale attacks always serve as a strong reminder to bolster your information security posture. With this attack, you should implement a third-party risk management program to assess and monitor your vendors and software.

Your complete approach to information security should also include strong password policies including multi-factor authentication, regular user training and testing on common attack methods such as phishing, and security information and event management (SIEM) tools with visibility across your entire IT infrastructure and user devices.

If you need assistance executing any aspect of your infosec strategy, Lunavi would be happy to help you identify the right combination of tools and processes to strengthen your protection and response capabilities.

Recent Blog Posts

lunavi logo alternate white and yellow
2.15.2022
02
.
15
.
2022
Service Changes Coming to Microsoft 365 & Office 365

The NCE offers new subscription terms including 12-month and 36-month plans priced lower than monthly contracts. In addition, it is easier to add seats, cancellation policies are more consistent, and there are two promotional options to lock in a better rate for your current renewal. However, the mandatory new plans do include price adjustments.

Learn more
lunavi logo alternate white and yellow
1.28.2022
01
.
21
.
2022
Automate Your Cloud with Azure Bicep

Azure Bicep is a great way to implement Infrastructure as a Code to automate the provisioning of Azure resources. In this post, I’ll get you started by describing how Bicep language works as well as key differences and similarities between Bicep and ARM Templates.

Learn more
lunavi logo alternate white and yellow
1.28.2022
12
.
22
.
2021
Lunavi Response to Log4j Vulnerability

The log4j vulnerability is affecting many Apache systems. Learn how Lunavi is responding to this ongoing threat.

Learn more