The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on December 13 in response to a known compromise of SolarWinds Orion network management products that is being actively exploited by malicious actors.
The emergency directive calls on all federal civilian agencies to review their networks for indicators of compromise and to disconnect or power down SolarWinds Orion products immediately.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
The New York Times reported that the hack was "engineered by one of Russia’s premier intelligence agencies."
The Times also reported that the US Treasury, Commerce, State and Homeland Security departments, and parts of the Pentagon, had been compromised.
According to FireEye, a cybersecurity company that was also targeted: "The actors behind this campaign gained access to numerous public and private organizations around the world. They gained access to victims via trojanized updates to SolarWinds' Orion IT monitoring and management software. This campaign may have begun as early as Spring 2020 and is currently ongoing. Post compromise activity following this supply chain compromise has included lateral movement and data theft. The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security."
Known affected products: Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix, and 2020.2 HF 1, including the following modules:
Application Centric Monitor (ACM)
Database Performance Analyzer Integration Module (DPAIM)
Enterprise Operations Console (EOC)
High Availability (HA)
IP Address Manager (IPAM)
Log Analyzer (LA)
Network Automation Manager (NAM)
Network Configuration Manager (NCM)
Network Operations Manager (NOM)
Network Performance Monitor (NPM)
NetFlow Traffic Analyzer (NTA)
Server & Application Monitor (SAM)
Server Configuration Monitor (SCM)
Storage Resource Monitor (SRM)
User Device Tracker (UDT)
Virtualization Manager (VMAN)
VoIP & Network Quality Manager (VNQM)
Web Performance Monitor (WPM)
In a statement, SolarWinds said: "No other versions of Orion Platform products are known to be impacted by this security vulnerability. Other non-Orion products are also not known to be impacted by this security vulnerability."
SolarWinds asks customers running any of these products on Orion Platform 2020.2 with no hotfix or 2020.2 HF 1 to upgrade to Orion Platform 2020.2.1 HF 1 as soon as possible.
SolarWinds also asks customers running any of these products on Orion Platform 2019.4 HF 5 to update to 2019.4 HF 6, available Dec. 14.
An additional hotfix release, 2020.2.1 HF 2, is expected to be available Dec. 15. SolarWinds recommends that all customers update to 2020.2.1 HF 2 once it is available, since that release both replaces the compromised component and adds several further security enhancements.
If you cannot upgrade immediately, the primary mitigations SolarWinds recommends are to place the Orion Platform behind firewalls, disable its internet access, and restrict ports and connections to only what is necessary. These measures reduce exposure but do not remove the trojanized component; the CISA directive treats disconnecting or powering down affected Orion servers as the immediate step, with an indicator-of-compromise review before anything is brought back.
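The first practical task the advisory implies is an inventory pass: which Orion servers run one of the three listed builds, and what each one should be moved to. The script below is an added example written for this article, not SolarWinds or CISA code. It parses Orion version strings as they appear in the advisory ("2019.4 HF 5", "2020.2", "2020.2.1 HF 1"), classifies each install against the affected list and remediation targets quoted above, and produces a triage order with affected hosts first. The hostnames and the CSV inventory are constructed sample data, and the version-string format is assumed from the forms used in the advisory.

```python
import csv
import io
import re

# Builds the advisory lists as affected, encoded as (year, minor, patch, hotfix),
# mapped to the interim upgrade target named for that build.
AFFECTED = {
    (2019, 4, 0, 5): "2019.4 HF 6",     # 2019.4 HF 5        -> 2019.4 HF 6 (Dec. 14)
    (2020, 2, 0, 0): "2020.2.1 HF 1",   # 2020.2, no hotfix  -> 2020.2.1 HF 1
    (2020, 2, 0, 1): "2020.2.1 HF 1",   # 2020.2 HF 1        -> 2020.2.1 HF 1
}

# Release SolarWinds recommends for all customers once available (expected Dec. 15);
# it is the one that replaces the compromised component.
FINAL_TARGET = "2020.2.1 HF 2"

# Version-string format assumed from the advisory's own examples; also tolerates a
# leading "v" and a missing space before the hotfix number ("2020.2 HF1").
_VERSION_RE = re.compile(
    r"^\s*v?(\d{4})\.(\d+)(?:\.(\d+))?\s*(?:HF\s*(\d+))?\s*$", re.IGNORECASE
)


def parse_version(text):
    """Parse an Orion Platform version string into a comparable tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Orion version string: {text!r}")
    year, minor, patch, hf = m.groups()
    return (int(year), int(minor), int(patch or 0), int(hf or 0))


def assess(version):
    """Classify one install against the affected list and return the action."""
    key = parse_version(version)
    if key in AFFECTED:
        return {
            "version": version,
            "affected": True,
            "action": "disconnect or power down now; review for indicators of compromise",
            "upgrade_to": AFFECTED[key],
            "then": FINAL_TARGET,
        }
    return {
        "version": version,
        "affected": False,
        "action": f"not listed as affected; still update to {FINAL_TARGET} when available",
        "upgrade_to": None,
        "then": FINAL_TARGET,
    }


def triage_inventory(csv_text):
    """Assess every host in a 'host,orion_version' CSV; affected hosts sort first."""
    rows = csv.DictReader(io.StringIO(csv_text))
    report = [dict(host=r["host"], **assess(r["orion_version"])) for r in rows]
    report.sort(key=lambda r: (not r["affected"], r["host"]))
    return report


# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = """host,orion_version
orion-dc1.example.internal,2020.2 HF 1
orion-dc2.example.internal,2019.4 HF 5
orion-lab.example.internal,v2020.2
orion-eu1.example.internal,2020.2.1 HF 1
"""

if __name__ == "__main__":
    for r in triage_inventory(SAMPLE_INVENTORY):
        flag = "AFFECTED" if r["affected"] else "ok"
        target = r["upgrade_to"] or "-"
        print(f"{r['host']:<28} {r['version']:<14} {flag:<9} upgrade: {target:<14} {r['action']}")
```

Feed it the version strings from your own Orion inventory (or from the Orion web console's About page) rather than the sample CSV; anything the regex rejects is worth a manual look, since an unexpected string usually means an install nobody has been tracking.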