What You Need to Know About SolarWinds’ Compromise

MIKE GARCIA | CHIEF SECURITY OFFICER

December 15, 2020

EXECUTIVE SUMMARY

• On December 13, 2020, a newly discovered supply chain attack targeting the SolarWinds Orion platform was publicly reported. The attackers inserted a malicious backdoor into Orion software updates that SolarWinds itself officially released.

• The attack is widespread and affects a large number of organizations that run SolarWinds Orion. Intrusions have already been identified across multiple verticals and regions.

• Patching is only the first step. All impacted customers should assume the attackers have established other backdoors or entry points into their environments, and should investigate accordingly.

• Whether the software is used in IT or OT environments, if you have or had any of the impacted versions referenced below, Red Trident recommends that you conduct a compromise assessment as soon as possible.

• If you are using SolarWinds Orion on any ICS/OT systems or networks, please call us for support or questions at 1-833-400-OTCYBER.

IMPACTED PRODUCTS

Orion Platform versions 2019.4 HF 5 and 2020.2 with no hotfix or with 2020.2 HF 1, including the following software, are impacted:

• Application Centric Monitor (ACM)
• Database Performance Analyzer Integration Module (DPAIM)
• Enterprise Operations Console (EOC)
• High Availability (HA)
• IP Address Manager (IPAM)
• Log Analyzer (LA)
• Network Automation Manager (NAM)
• Network Configuration Manager (NCM)
• Network Operations Manager (NOM)
• Network Performance Monitor (NPM)
• NetFlow Traffic Analyzer (NTA)
• Server & Application Monitor (SAM)
• Server Configuration Monitor (SCM)
• Storage Resource Monitor (SRM)
• User Device Tracker (UDT)
• Virtualization Manager (VMAN)
• VoIP & Network Quality Manager (VNQM)
• Web Performance Monitor (WPM)
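The first practical question for an operator is which of their Orion servers run one of the versions listed above. The following Python script is an added example, not Red Trident's or SolarWinds' code: it triages an inventory export against exactly the three platform versions the list names. The CSV layout, the host names and the version strings are constructed for illustration. Anything that does not match is reported as "not_listed" or "unknown" rather than declared clean, because a version that is not on this list is not evidence that the install is safe; confirm those against the vendor advisory.

```python
"""Triage an Orion inventory export against the impacted versions listed above.

Added example, not Red Trident's or SolarWinds' code. Assumes an inventory
exported as CSV with columns host,product,version; the hosts, products and
version strings in SAMPLE_INVENTORY are constructed sample data.
"""
import csv
import io
import re

# Platform versions the advisory lists as impacted, as (platform, hotfix).
# A hotfix of None means "no hotfix installed".
IMPACTED = {("2019.4", 5), ("2020.2", None), ("2020.2", 1)}

# Accepts "2019.4 HF 5", "2020.2 HF1", "2020.2 Hotfix 1" or plain "2020.2",
# case-insensitively. Anything else (extra words, build tags) is rejected so
# that it gets flagged for manual review instead of silently misread.
_VERSION_RE = re.compile(
    r"^\s*(?P<platform>\d{4}\.\d+(?:\.\d+)?)\s*(?:(?:HF|Hotfix)\s*(?P<hf>\d+))?\s*$",
    re.IGNORECASE,
)


def parse_orion_version(text):
    """Return (platform, hotfix-or-None), or None if the string is not recognised."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    hf = m.group("hf")
    return (m.group("platform"), int(hf) if hf is not None else None)


def is_impacted(version_text):
    """True only if the version string matches one of the listed impacted versions."""
    parsed = parse_orion_version(version_text)
    return parsed is not None and parsed in IMPACTED


def triage(inventory_csv):
    """Bucket every host as 'impacted', 'not_listed' or 'unknown'.

    'not_listed' means the version parsed but is not on the list above; it still
    needs checking against the vendor advisory. 'unknown' means the version string
    could not be parsed and the host must be inspected by hand.
    """
    result = {"impacted": [], "not_listed": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        parsed = parse_orion_version(row["version"])
        if parsed is None:
            result["unknown"].append(row["host"])
        elif parsed in IMPACTED:
            result["impacted"].append(row["host"])
        else:
            result["not_listed"].append(row["host"])
    return result


# Constructed sample inventory; host names and versions are made up for illustration.
SAMPLE_INVENTORY = """host,product,version
npm-core-01,NPM,2020.2 HF 1
npm-core-02,NPM,2020.2.1 HF 2
ncm-ot-01,NCM,2019.4 hf5
sam-dc-01,SAM,2020.2
ipam-lab-01,IPAM,2018.4 HF 3
vman-plant-02,VMAN,build 2020.2 HF 1
"""

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

The hosts in the "impacted" bucket are the ones to isolate first (see the recommendations below); the "unknown" bucket exists because inventory tools frequently decorate version strings, and a triage script that guesses at those is worse than one that refuses.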

ADDITIONAL RECOMMENDATIONS

• Ensure that impacted SolarWinds servers are isolated until a compromise assessment is conducted. This should include blocking all connectivity to and from IT and OT systems.

• Block outbound Internet traffic from servers or other endpoints with SolarWinds software.

• Review network device configurations for unexpected or unauthorized modifications. Note that this is a proactive measure, warranted by the breadth of what SolarWinds software can change on managed devices, and is not based on investigative findings.

• If an immediate update is not possible, SolarWinds recommends compensating controls, documented in its security advisory.

• Please refer to SolarWinds’ official security advisory as updates are expected to be published.
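The configuration review recommended above is easiest to do as a diff against a trusted baseline taken before the exposure window. The script below is an added example, not Red Trident's code: it assumes Cisco IOS-style text configurations (one statement per line, sub-statements indented under a parent line), discards the lines that change on every export, and reports each added or removed statement together with the section it belongs to, so that a "no shutdown" under one interface is not confused with the same statement under another. The two configurations and the keyword list used to rank findings are constructed for illustration.

```python
"""Diff a device's current running configuration against a trusted baseline.

Added example, not Red Trident's code. Assumes Cisco IOS-style configs; the
BASELINE_CONFIG and CURRENT_CONFIG samples are constructed, not captures from
any real device, and the _SENSITIVE keyword list is illustrative.
"""
import re

# Lines that differ between otherwise identical exports; ignoring them keeps
# the review free of noise. Comment lines (starting with "!") are dropped too.
_VOLATILE = re.compile(r"^(Current configuration : \d+ bytes|ntp clock-period \d+)$")

# Statements or sections an investigator wants surfaced first: anything touching
# authentication, management access or traffic filtering. Illustrative, not exhaustive.
_SENSITIVE = ("username ", "enable secret", "aaa ", "snmp-server", "ip access-list",
              "access-list ", "line vty", "ip http", "tacacs", "radius", "crypto ")


def normalize(config_text):
    """Drop blank, comment and volatile lines; keep order and indentation."""
    kept = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if not stripped or stripped.startswith("!") or _VOLATILE.match(stripped):
            continue
        kept.append(line)
    return kept


def qualified_lines(config_text):
    """Return a set of (section, statement) pairs; top-level lines live in '(global)'."""
    pairs, section = set(), "(global)"
    for line in normalize(config_text):
        if line.startswith(" "):
            pairs.add((section, line.strip()))
        else:
            section = line
            pairs.add(("(global)", line))
    return pairs


def review_config(baseline_text, current_text):
    """List every added/removed statement, sensitive ones first."""
    base, cur = qualified_lines(baseline_text), qualified_lines(current_text)
    findings = []
    for change, delta in (("added", cur - base), ("removed", base - cur)):
        for section, stmt in sorted(delta):
            sensitive = any(k in stmt or k in section for k in _SENSITIVE)
            findings.append({"change": change, "section": section,
                             "statement": stmt, "sensitive": sensitive})
    findings.sort(key=lambda f: (not f["sensitive"], f["change"], f["section"], f["statement"]))
    return findings


# Constructed sample: a baseline export and a later export of the same switch.
BASELINE_CONFIG = """Current configuration : 1488 bytes
! Last configuration change at 09:12:41 UTC Mon Nov 2 2020
hostname plant-sw-01
username opsadmin privilege 15 secret 5 $1$base$placeholderhash
ntp clock-period 17179871
interface GigabitEthernet0/2
 description Historian
 switchport access vlan 20
 no shutdown
ip access-list extended MGMT-IN
 permit tcp 10.10.0.0 0.0.0.255 any eq 22
 deny ip any any
line vty 0 4
 access-class MGMT-IN in
 transport input ssh
snmp-server community r0monitor RO
end
"""

CURRENT_CONFIG = """Current configuration : 1572 bytes
! Last configuration change at 02:47:03 UTC Mon Dec 14 2020
hostname plant-sw-01
username opsadmin privilege 15 secret 5 $1$base$placeholderhash
username svc-orion privilege 15 secret 5 $1$new$placeholderhash
ntp clock-period 17179868
interface GigabitEthernet0/2
 description Historian server
 switchport access vlan 20
 no shutdown
ip access-list extended MGMT-IN
 permit tcp 10.10.0.0 0.0.0.255 any eq 22
 permit tcp any any eq 22
 deny ip any any
line vty 0 4
 access-class MGMT-IN in
 transport input telnet ssh
snmp-server community r0monitor RO
end
"""

if __name__ == "__main__":
    for f in review_config(BASELINE_CONFIG, CURRENT_CONFIG):
        flag = "SENSITIVE" if f["sensitive"] else "info"
        print(f"[{flag}] {f['change']:7} {f['section']}: {f['statement']}")
```

Run against the samples, the review surfaces a new privileged local account, an ACL entry that opens management SSH to any source, and Telnet enabled on the VTY lines ahead of the harmless description change; the two volatile lines that differ between the exports produce no findings at all. On a real estate the baseline should come from a configuration archive dated before the first impacted Orion version was installed, not from the NCM database that the suspect server itself maintains.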

CONTACT US:

832.493.1153
sales@redtridentinc.com
904 Gemini Ave, Houston, TX 77058

© 2021 Red Trident. All Rights Reserved.