The SolarWinds supply chain attack is one of the most sophisticated cyber attacks the world has witnessed in recent years.
While this incident has been known for almost 3 weeks now, as of December 30th, 2020 there were still 930 exposed services running SolarWinds' Orion Platform, of which 61% were still running vulnerable, unpatched software versions.
The chart below illustrates the various unpatched software versions and the corresponding number of exposed Orion platforms discovered by Reposify’s Attack Surface Management platform.
What are the risks?
SolarWinds' Orion Platform includes 12 different modules which according to SolarWinds' website deliver a “scalable infrastructure monitoring and management platform designed to simplify IT administration”.
By gaining access and control over these modules, attackers could have easily carried out various activities to enable easy access into your internal networks and/or leave backdoors that they can use at a later stage.
Did your organization install the compromised SolarWinds software update?
If so, there are various auditing steps which you must carry out as soon as possible to discover and remove any exposures or weak entry points that attackers might have created in your attack surface.
Special focus areas for examination should include:
- Firewalls, Routers & Switches: Ensure configurations meet your policies.
- Remote Access Services: Ensure your RDP panels are not exposed, VPNs are patched, and proper authentication and MFA are in place.
- Cloud Assets: Ensure no assets are missing and verify that access management settings are properly configured.
How can Reposify help?
Not sure if your organization might have been affected by this attack?
Want to discover if any of your subsidiaries are using SolarWinds' Orion platform?
Contact our cyber experts today to get a comprehensive analysis of your external attack surface to discover any unknown exposures, misconfigurations and vulnerabilities that attackers might be able to exploit.
- SolarWinds' Security Advisory: https://www.solarwinds.com/securityadvisory
- The DHS’ Emergency Directive 21-01: https://cyber.dhs.gov/ed/21-01/
- FireEye’s GitHub: https://github.com/fireeye/sunburst_countermeasures
- Microsoft Customer Guidance: https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/