Over the course of the last several days there has been a flurry of vendor announcements and media reports about what now appears to be a series of major, interrelated cyber attacks:
Details continue to emerge about what exactly took place. Response teams from Microsoft, FireEye, SolarWinds and multiple law enforcement agencies have determined that SolarWinds was breached by nation-state threat actors in early 2020. Upon breaching SolarWinds, the attackers made use of software development tooling to craft malicious updates to the SolarWinds Orion software suite, which were then provided to SolarWinds’ customers as part of a standard software update package. The number of impacted companies is unknown at this time, but is suspected to be in the thousands based on the known size of SolarWinds’ customer base.
Given the serious nature of this attack against US government agencies, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive ordering all federal agencies to immediately disconnect SolarWinds’ Orion products from their networks.
A number of organizations, including BlueVoyant, have provided guidance on steps that you should take immediately in order to protect your company:
Bottom line: If you are a BlueVoyant customer, we have taken the necessary steps to ensure you are up to date and protected.
BlueVoyant will publish additional details as they become available via our customer portal, blog and/or social media channels. In addition, you can also learn more by reading the following:
Microsoft: Article: “Customer Guidance on Recent Nation-State Cyber Attacks”
Media & industry coverage
About the author: Milan Patel is the Global Head of Managed Security Services at BlueVoyant. Prior to joining the company, he served as the CTO of the FBI’s Cyber Division and as a Special Agent focused on investigating cyber crimes.