The SolarWinds Orion platform attack is one of the most significant breaches in the past decade.
The story continues to develop quickly with more victims being identified, and we may learn more soon. We do know that this appears initially to be focused on espionage and the compromise of government agencies internationally.
In a presentation and discussion on December 16, 2020, a team including CI Security CISO Michael Hamilton, EVP of Professional Services Fred Langston, and Deputy CISO John-Luke Peck described the details of the incident as known, discussed what a likely national response will be, and provided advice on what actions to take right immediately.
What Should InfoSec Teams Do about the SolarWinds Breach Now?
Monitoring your network environment is an essential part of the recommendations for determining if your organization has been affected. Actors may have gained persistence after the initial use of the compromised software, and their movements create signal that may be detected.
Watch the video linked above to get the rest of the recommendations.
If you have questions, contact CI Security at this link: https://ci.security/about/contact/standard