What You Need to Know About SolarWinds’ Compromise

MIKE GARCIA | CHIEF SECURITY OFFICER

December 15, 2020

EXECUTIVE SUMMARY

• On December 13th, a recently discovered supply chain attack targeting the SolarWinds Orion platform was reported. The attackers were able to insert a malicious backdoor into Orion software updates officially released by SolarWinds.

• The attack is widespread and impacts a large number of organizations that utilize SolarWinds Orion. Attacks have already been identified across multiple verticals and regions.

• Patching is only the first step. All impacted customers should assume there are other backdoors or entry points into their environments.

• Whether it is used in IT or OT environments, if you have or had any of the impacted versions of the software referenced below, Red Trident recommends that you conduct a compromise assessment as soon as possible.

• If you are leveraging SolarWinds Orion for any ICS/OT systems or networks, please call us for support or questions at 1-833-400-OTCYBER.

IMPACTED PRODUCTS

Orion Platform versions 2019.4 HF 5 and 2020.2 with no hotfix or with 2020.2 HF 1, including the following software, are impacted:

• Application Centric Monitor (ACM)
• Database Performance Analyzer Integration Module (DPAIM)
• Enterprise Operations Console (EOC)
• High Availability (HA)
• IP Address Manager (IPAM)
• Log Analyzer (LA)
• Network Automation Manager (NAM)
• Network Configuration Manager (NCM)
• Network Operations Manager (NOM)
• Network Performance Monitor (NPM)
• NetFlow Traffic Analyzer (NTA)
• Server & Application Monitor (SAM)
• Server Configuration Monitor (SCM)
• Storage Resource Monitor (SRM)
• User Device Tracker (UDT)
• Virtualization Manager (VMAN)
• VoIP & Network Quality Manager (VNQM)
• Web Performance Monitor (WPM)
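As an added example (not part of this advisory, and not a SolarWinds tool), the script below normalizes Orion version strings as they typically appear in an inventory (for example "2020.2 HF1", "2020.2.0 Hotfix 1") and flags hosts running one of the builds named above, so the isolation and compromise-assessment steps can be prioritized. The inventory it reads is a constructed sample; a hypothetical `triage()` helper also reports hosts whose version could not be parsed, since those cannot be cleared without manual verification.

```python
import re

# Impacted Orion Platform builds named in the advisory:
# 2019.4 HF 5, 2020.2 with no hotfix, and 2020.2 HF 1.
# Only these builds are flagged; any other build still needs to be
# checked against the current vendor advisory before it is cleared.
IMPACTED = {("2019.4", 5), ("2020.2", 0), ("2020.2", 1)}

_VERSION_RE = re.compile(
    r"^\s*(?P<major>\d{4})\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?\s*"
    r"(?:(?:HF|Hotfix)\s*(?P<hf>\d+))?\s*$",
    re.IGNORECASE,
)


def parse_orion_version(text):
    """Normalize a version string to (base, hotfix); None if unparseable.

    "2020.2.0 Hotfix 1" -> ("2020.2", 1); "2020.2.1 HF 2" -> ("2020.2.1", 2)
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    patch = int(m.group("patch") or 0)
    base = f"{m.group('major')}.{m.group('minor')}"
    if patch:  # keep a non-zero third component so 2020.2.1 != 2020.2
        base += f".{patch}"
    hf = int(m.group("hf")) if m.group("hf") else 0
    return base, hf


def is_impacted(text):
    parsed = parse_orion_version(text)
    return parsed is not None and parsed in IMPACTED


# Constructed sample inventory (hostname,role,reported Orion version); not real data.
SAMPLE_INVENTORY = """\
orion-it-01,IT,2020.2 HF 1
orion-ot-01,OT,2019.4 HF 5
orion-lab-02,IT,2020.2.1 HF 2
orion-old-03,OT,2019.4 HF 4
orion-unknown,OT,n/a
"""


def triage(inventory_csv):
    """Return (impacted_hosts, unparseable_hosts); both lists need follow-up."""
    impacted, unknown = [], []
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, role, version = (f.strip() for f in line.split(",", 2))
        parsed = parse_orion_version(version)
        if parsed is None:
            unknown.append(host)  # cannot be cleared; verify by hand
        elif parsed in IMPACTED:
            impacted.append((host, role))
    return impacted, unknown
```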

ADDITIONAL RECOMMENDATIONS

• Ensure that impacted SolarWinds servers are isolated until a compromise assessment is conducted. This should include blocking all connectivity to and from IT and OT systems.

• Block outbound Internet traffic from servers or other endpoints with SolarWinds software.

• Review network device configurations for unexpected or unauthorized modifications. Note that this is a proactive measure due to the scope of SolarWinds functionality, not a response to investigative findings.

• If an immediate update is not possible, SolarWinds recommends the compensating controls documented here.

• Please refer to SolarWinds’ official security advisory as updates are expected to be published.

© 2021 Red Trident. All Rights Reserved.