SolarWinds Incident
infotex does not use SolarWinds…
We are protecting our Clients!
Another blog post meant to inspire thought about IT Governance . . . .
To all infotex managed security service Clients:
As recently reported by major news outlets, there is an ongoing attack on SolarWinds Orion network monitoring software builds released between March and June of 2020. This attack is being referred to as Sunburst and uses a malicious backdoor distributed via authorized update channels for SolarWinds Orion. Installing one of these software versions could allow a malicious actor to compromise the system and enable further exploitation across the environment.
What infotex is doing:
We have implemented new IDS/IPS signatures to detect indicators of compromise at the network layer. We are also working with our clients who have been affected through their use of SolarWinds Orion to review all event logs for indicators of compromise and/or exploitation.
What our clients should be doing:
If you are using or have used an affected version of SolarWinds Orion, please review the advisories below for mitigation strategies and discuss them with your incident response team. Please contact our NOC team if you have any other questions or investigative requests.
Reference Information:
- SolarWinds Security Advisory – https://www.solarwinds.com/securityadvisory
- CISA Advisory – https://us-cert.cisa.gov/ncas/current-activity/2020/12/13/active-exploitation-solarwinds-software
- FireEye Blog Post – https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
- DHS Advisory – https://cyber.dhs.gov/ed/21-01/