This takeover of SolarWinds' Orion software, an IT performance monitoring platform that integrates into a businesses' full IT stack, is akin to handing over the keys to SolarWinds' customers' networks to attackers.ĬISA has issued an emergency directive calling on all organizations to review their networks and disconnect from any SolarWinds systems. This hacking campaign, which may date back to as early as fall 2019, affects vulnerable Orion versions 2019.4 HF 5 through 2020.2.1.Īccording to FireEye, a SolarWinds digitally-signed component of the Orion software framework contains a backdoor, dubbed SUNBURST, that communicates via HTTP to attacker-owned CC servers. Today, with the news that Russian operatives also breached SolarWinds' Orion software, the attack has proven much worse than anyone thought.įireEye's investigation surfaced a supply chain attack trojanizing legitimate SolarWinds Orion business software updates to distribute malware. With added security, Syxsense blocks the execution of SolarWinds software until a security evaluation of potentially exposed endpoints can be completed.The FireEye hack resulting in the theft of sophisticated red team tools was part of one of the most devastating cyberattacks in recent history. The Syxsense Secure platform uses Syxsense Realtime functions to dynamically scan all endpoints for SolarWinds software, including scanning the hard drives in real-time to look for the compromised “.dll” by name or file hash, quarantining devices to stop lateral movement and thereby protecting the network. Syxsense’s software distribution features can also be helpful to initiate uninstalls of SolarWinds.
Simply run an inventory query for SolarWinds or Inventory Software Report to see a list of all endpoints with SolarWinds software installed.
The Syxsense inventory scanner can quickly identify devices with SolarWinds software. The team at Syxsense has received requests asking if Syxsense Manage and Secure can help identify endpoints that might have SolarWinds software installed. Syxsense Allows Users to Scan for SolarWinds® Orion® Vulnerabilityīy now, everyone should be aware of the significant hack linked to security vulnerabilities in SolarWinds® Orion® software –.
0 kommentar(er)
