12-22-20 | Blog Post
The statement goes on to say “we know this compromise has affected networks within the federal government.” In a coordinated government response to this hack, the Cybersecurity and Infrastructure Agency (CISA) “remains in regular contact with our government, private sector and international partners, providing technical assistance upon request, and making needed information and resources available to help those affected recover quickly from this incident. CISA is engaging with our public and private stakeholders across the critical infrastructure community to ensure they understand their exposure and are taking steps to identify and mitigate any compromises.”
Background to the Hack
According to a December 13, 2020 story published by Reuters, the cybercrime, allegedly perpetrated by a foreign actor, was believed to have utilized updates to software from the company SolarWinds, a maker of IT infrastructure management software products. In a December 14, 2020 8-K report to the SEC, SolarWinds reported that, of its 300,000+ customers, it delivered communications to 33,000 customers that use its “Orion” network performance monitoring software, the main software believed to be impacted by the hack. SolarWinds states “[they believe] the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000.”
What Do We Do Now?
With the significant number of businesses potentially impacted, many agencies and vendors are making recommendations for identification, eradication and remediation of this SolarWinds-based hack, including:
An Advisory From SolarWinds
Kevin Thompson, President & CEO of SolarWinds, Inc issued the following email to customers:
Dear Customer,
You are receiving this email because you are a customer who owns SolarWinds products that we believe, based on our investigations to date, are NOT AFFECTED by the vulnerability in our Orion Platform products identified in our public statements and recent news reports.
We have been made aware of a cyberattack to our systems that inserted a vulnerability within our SolarWinds® Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix, and 2020.2 HF 1 only. We have been advised that this incident was likely the result of a highly sophisticated, targeted, and manual supply chain attack by an outside nation state, but we have not independently verified the identity of the attacker.
We have scanned the code of all of our software products for markers similar to those used in the attack on our Orion Platform products identified above, and we have found no evidence that other versions of our Orion Platform products or our other products contain those markers. As such, we are not aware that other versions of Orion Platform products have been impacted by this security vulnerability. Other non-Orion Platform products are also not known by us to be impacted by this security vulnerability.
If you aren’t sure which version of the Orion Platform products you are using, see directions on how to check that here. To check which hotfix updates you have applied, please go here.
Products believed to be NOT AFFECTED by this security vulnerability are: (Click here for SolarWinds’ latest list of known affected products and not known to be affected products)
At this time, we are not aware of an impact to our SolarWinds MSP products, including RMM and N-central. Additionally, we are not aware of any SolarWinds free tools or any of our agents that were affected by this vulnerability.
Our investigations and remediation efforts for these matters are still ongoing, and we will continue to update the Security Advisory page on our website as more information becomes available to us throughout our investigations.
Visit www.solarwinds.com/securityadvisory for more detailed information.
We also encourage you to review the Form 8-K that we filed this morning with the SEC. You can find this filing on the investor relations page of our website and on the SEC’s website.
Security and trust in our software are the foundation of our commitment to our customers. Thank you for your continued patience and partnership as we continue to work through this issue.
Sincerely,
Kevin Thompson
President & CEO
SolarWinds, Inc
SolarWinds and Otava
Otava does not utilize the SolarWinds Orion product in our environment. However, Otava can provide clients with “denied” logs from firewalls or live captures of their traffic, should either be required. Should you require additional information, please consult advisories provided by the Department of Homeland Security, SolarWinds and any other businesses or vendors known to be affected by this hack to determine any potential impact on your business.