SolarWinds and the Big Hack - WST

Well, hacking is certainly in the news this week! We initially resisted adding to the cacophony of news stories and email alerts flooding your inbox, primarily because with big stories like these the initial information is generally incomplete and often wrong. Now a few days have passed, and more is known, but we’d wager lots more is to be discovered. The CliffsNotes version (or TL; DR for the younger set) is that there appears to have been a nation state intrusion into several governmental agencies, as well as an industry leading cyber incident response company, FireEye. It is now believed that these intrusions were accomplished through a widely used network monitoring and management system, SolarWinds Orion, which had been tampered with in a “supply chain attack.”

What does this mean for you? If your institution uses SolarWinds Orion, please visit the SolarWinds site (https://www.n-able.com/) for the latest. Additionally, the DHS released an Emergency Directive (https://cyber.dhs.gov/ed/21-01/) for government agencies that packs quite a punch.

If you don’t specifically use SolarWinds Orion, based on current information you are probably in the clear…but if you do use this product (or did at any point this year), start by assuming you may have a problem. Since Orion has deep access into your network and was likely configured with privileged accounts to monitor everything, any potential breach of this software could have serious consequences in your environment. We recommend that you engage a qualified technical Incident Response resource to help you determine whether your systems are affected, and what if any remediation is needed.

If you do not know who to contact for this type of expertise, consider starting with your cybersecurity insurance provider. They have required steps to follow in this type of potential issue, or at a minimum, often can provide a list of recommended vendors.