The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Emergency Directive in response to the compromise of SolarWinds Orion products. The directive urges federal civilian agencies to check networks for signs of compromise and to power down SolarWinds products right away.
Terming the exploited products an unacceptable risk to secure federal networks, leaders within CISA explain that they could potentially compromise networks throughout the public and private sectors.
Emergency Directive 21-01: SolarWinds Orion Code Compromise
Emergency Directive 21-01 relates to the Secretary of Homeland Security’s ongoing role to identify security threats, vulnerabilities and incidents that represent a substantial threat. Government agencies and other entities are allowed to use any lawful action on information systems to mitigate identified threats. Federal agencies are required by law to comply with emergency directives like this one.
SolarWinds Orion: Affected Versions
The versions of SolarWinds Orion products that have been exploited by malicious actors are 2019.4 through 2020.2.1 HF1. SolarWinds issued its own security advisory in relation to this cyberattack. It explains that versions 2019.4 HF5, 2020.2 (no hotfix) and 2020.2 HF1 could allow attackers to compromise the servers where these products run, and it recommends emergency action items.
Emergency Action: Protection from SolarWinds Orion Security Threat
As soon as the threat was detected, SolarWinds removed download access for the affected software.
The emergency action items recommended by SolarWinds are:
- Customers who are using Orion Platform v2019.4 HF5 should update to 2019.4 HF6.
- Customers who are using a known affected product on Orion Platform v2020.2 (no hotfix) or 2020.2 HF1 should upgrade to version 2020.2.1 HF2.
- All customers should update to 2020.2.1 HF2, which has security enhancements and replaces the compromised components.
To the company’s knowledge, the vulnerability in the attacked software does not impact other versions of the software. The team at SolarWinds has worked actively to ensure that this is the case, including performing code scans of software products (to find similar markers).
SolarWinds Orion: Known Affected Products
The company has published a list of known affected products on Orion Platform versions 2019.4 HF5, 2020.2 (no hotfix) or 2020.2 HF1, which include:
- Network Automation Manager
- Network Configuration Manager
- NetFlow Traffic Analyzer
- Web Performance Monitor
- Virtualization Manager
- User Device Tracker
- IP Address Manager
- Application Centric Monitor
- Enterprise Operations Console
- Log Analyzer
- Database Performance Analyzer Integration Module (not DPA)
- High Availability
- Server and Application Monitor
- VoIP and Network Quality Manager
- Storage Resource Monitor
- Server Configuration Monitor
There are dozens of products that do not appear to have been affected by the breach.
Any time a cyberattack has an impact this wide, it brings cybersecurity to the forefront of the conversation. The right solutions are essential for government agencies with remote workers who need access to classified materials, among the many other sectors that require security for end users on different networks and devices.
Attila Security Technology Solutions
With the increase in compromised networks throughout the federal government and industry, it is imperative that action be taken immediately to bring in backup capacity that cannot be compromised.
Attila Security’s technology can provide an intrusion response backup network within days of implementing our products.
This backup capacity will enable each government agency to continue critical daily operations without continuing to expose sensitive data.
Agencies cannot wait for full mitigation of the current problems; they cannot wait for a complete turnkey solution to be implemented.
Attila Security’s technology is a proven, innovative and immediate backup solution.
These once “private,” now compromised, networks can easily be converted to protected communication networks through the use of GoSilent in an uncompromised environment.
This allows response and remediation efforts to take place in a trusted tunnel and allows the agency to continue operations in a trusted network.