Breach, Content

CISA Issues APT Cyber Activity Warning

Credit: CISA

Credit: CISA

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released "What Every Leader Needs to Know About the Ongoing APT Cyber Activity," a warning that details the risks associated with advanced persistent threats (APT).

The warning comes after FireEye's discovery that an APT actor has been exploiting SolarWinds Orion software.

During the SolarWinds incident, an APT actor inserted malicious code into Orion software updates, according to CISA. Once these updates were applied, an APT actor could use them to access customer networks.

To date, the APT actor involved in the SolarWinds incident has only targeted certain organizations, CISA stated. However, all organizations that have installed compromised Orion updates remain at risk.

How to Remediate Risk Following the SolarWinds Security Incident

CISA offered the following recommendations to help organizations remediate risk following the SolarWinds incident:

  • Determine if your organization has been affected. Evaluate software use to find out if one of the affected versions of Orion is being used or has been used.
  • Prioritize incident response and remediation. If an organization is using or has used Orion, its legal, financial and operations personnel should work with cybersecurity professionals to take the proper response and remediation actions.
  • Allocate resources appropriately. Empower information security staff to investigate an IT environment for adversary activity.
  • Seek additional support. Review CISA guidelines and watch for future guidance relating to the SolarWinds incident.
  • Optimize operational security. Ensure advanced security processes and protocols are in place throughout incident response and remediation.

    • In addition, CISA has created a new Supply Chain Compromise webpage to consolidate all of the resources it has released relating to the SolarWinds incident. CISA also will continue to update the webpage to include new cyber community partner resources.

    SolarWinds Statements About Orion Security Incident

    Meanwhile, SolarWinds has provided the following updates to partners and customers:

    • SolarWinds continues to update a SUNBURST / Orion Security Advisory here;
    • related SolarWinds SUNBURST FAQ about the incident is here;
    • The company says SolarWinds MSP tools — widely deployed by managed IT services providers (MSPs) to support SMB customers — were not involved in the breach. But as a precaution, SolarWinds MSP revoked digital certificates for its MSP tools and required customers to digitally re-sign into its products; and
    • SolarWinds MSP President John Pagliuca’s statement is here.
      • Dan Kobialka

      Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.

      Related

      Related Terms

      Attack Vector

      You can skip this ad in 5 seconds

      Cookies

      This website uses cookies to improve your experience, provide social media features and deliver advertising offers that are relevant to you.

      If you continue without changing your settings, you consent to our use of cookies in accordance with our privacy policy. You may disable cookies.