Mountain West Farm Bureau Insurance
office workers empowered by business technology solutions
BLOG
12
18
2020
1.19.2021

What You Should Know About the SolarWinds Nation-State Hack

Those of us in the IT community have likely heard that within the past two weeks, government agencies and private enterprises alike have suffered major information security breaches. At this time it has become clear that a sophisticated attack group, likely one associated with a nation-state such as Cozy Bear, is the probable culprit.

Lunavi has received numerous inquiries about our possible exposure to the supply chain vulnerabilities behind these attacks. We do not believe any of our systems are at risk. We have active tickets open with relevant partners and are keeping a close eye on the situation as it develops.

While our team is prepared to execute remediation efforts should they be required, your staff and leadership should also be aware of the full extent of this significant hack. Even if you are unaffected, this is a reminder that now is always the best time for a security audit.

Are Lunavi systems at risk?

Lunavi does not utilize the vulnerable Orion software but we do utilize N-Central software from SolarWinds. At this time, we have confirmed we are not impacted on version 2020.1.2.326 (2020.1HF2) and the older compromised version is 12.3.0.670. We are in touch with SolarWinds and will be monitoring the situation as it continues to evolve.

What is the extent of the hacks?

On December 8th,  information security software vendor FireEye reported a likely nation-state hack accessing infosec assessment tools which mimic cyber threat vectors. While the company did not report any evidence of the tools being used, it has come to light that this hack was perpetrated using compromised SolarWinds Orion network management software.

This software has apparently been used to breach numerous private companies and public agencies as large as the Treasury Department, the Pentagon, and the Department of Energy.

The full extent of the hack is not totally known, but the software is used by tens of thousands. The compromised software update used for the hack was distributed in March of 2020.

How were the hacks executed?

This is what is known as a supply chain attack, which intercepts legitimate software pipelines and injects malicious code. For users, the software package appears legitimate. In this specific case, the hackinggroup was able to get into SolarWinds development operations and insert malware in a software update.

Initial analysis reveals the attack processes used to access SolarWinds systems were highly sophisticated and potentially novel.

Once the compromised software is installed, hackers can execute code, sniff passwords, and compromise additional machines within the network.

What can I do if my systems are at risk?

Of course, this only applies if you are running a SolarWinds Orion product. You can view a helpful advisory of the affected versions here.

In addition to patching your SolarWinds products to the latest version, you should activate your incident response protocols and begin investigative forensics and remediation as needed.

CISA and DHS have provided a list of mitigation actions to take, including:

How can I be better prepared for cyberattacks?

Large scale attacks always serve as a strong reminder to bolster your information security posture. With this attack, you should implement a third-party risk management program to assess and monitor your vendors and software.

Your complete approach to information security should also include strong password policies including multi-factor authentication, regular user training and testing on common attack methods such as phishing, and security information and event management (SIEM) tools with visibility across your entire IT infrastructure and user devices.

If you need assistance executing any aspect of your infosec strategy, Lunavi would be happy to help you identify the right combination of tools and processes to strengthen your protection and response capabilities.

Recent Blog Posts

lunavi logo alternate white and yellow
Blog
1.21.2021
01
.
20
.
2021
More Than Just Another Partnership, the Azure Expert MSP Is a Unique Source of Pride

As a founder and leader at Lunavi, I’ve seen our organization achieve a lot of big things. That said, achieving the distinction of Azure Expert MSP stands out.

Learn more
lunavi logo alternate white and yellow
Blog
1.19.2021
12
.
18
.
2020
What You Should Know About the SolarWinds Nation-State Hack

A supply chain attack on SolarWinds software has led to numerous security breaches. Learn how Lunavi is responding and what you should know about the hack.

Learn more
lunavi logo alternate white and yellow
Blog
12.18.2020
11
.
24
.
2020
Throughout a History of Change, Creating Business Value For Customers Remains Our Constant Priority

CEO Shawn Mills takes you on a journey through Lunavi's past, future, and constant commitment to delivering value.

Learn more