Continuity of Business Following the SolarWinds Cyber Attack – Part 1

As April is National Supply Chain Integrity Month, it seems only fitting to explore one of the most sophisticated and destructive supply chain attacks in our recent history. If you don’t know what we’re talking about, here’s a brief recap:

The 2020 “Sunburst attack” targeted US government agencies and government-affiliated businesses. By establishing a foothold through SolarWinds, Sunburst hackers leveraged a highly sophisticated supply chain attack to infiltrate countless organizations. The attack was able to achieve persistence and evade detection for long enough that malicious actors were able to access and steal an incredible amount of sensitive and confidential information.

The attack was so pervasive that cloud credentials for all major providers were likely stolen. As in the recent Capital One breach, this means attackers were then able to access, and possibly modify, highly sensitive information that organizations have stored in the cloud.

In the wake of this act of widespread cyber-warfare, government and commercial organizations were left wondering how to move forward. For victims of the attack, although day-to-day information operations remained intact, the integrity of their security infrastructure could no longer be trusted. The fortunate organizations that were not directly impacted still witnessed the fallout from the scope and high-profile nature of the attack, and now see it as a catalyst for action.

For those who think they may be impacted, it boils down to this – can you definitively answer these questions?

  1. Have the attackers left back-door access into the networks?
  2. Have the credentials of legitimate users and operational systems been stolen?

If you can’t say “no” to both with 100% confidence, the risk to the integrity of organizational operations is too great. While some experts have suggested that enterprise networks should be rebuilt from the ground up – the time and resources required to make that a reality are unrealistic.

Rather than overhauling your entire infrastructure, we advise all of our customers to adhere to two tenets that have been at the core of our business for more than twenty years – Isolation & Containment. Employing these strategies will minimize risk, prevent lateral movement by unauthorized users, and neutralize the vulnerabilities that leave your organization open to cyberattacks.

Isolation

By isolating your critical infrastructure, core systems and their associated networks are essentially unplugged from external access and invisible to malicious actors. Unlike firewalls and VPNs, which can still be breached, absolute segmentation ensures only authorized users have access to sensitive data, greatly reducing the risk of malware, data theft and ransomware extortion.

Containment

Implementing a zero-trust overlay contains and conceals your network, not only preventing hackers from breaching and moving laterally throughout your system, but also stopping nefarious back-door processes from “phoning home” to the attackers. This ensures that stolen credentials to computer servers and the associated network equipment, including firewalls, can no longer be used by the attackers.
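As an added illustration of the default-deny posture behind both the Isolation and Containment points above (this is example code written for this page, not LinkGuard's product and not code from the original post), the Python below evaluates constructed flow records against an allowlist: a critical segment whose hosts may only talk to each other and to a syslog collector, and which is reachable only from a jump-host range over HTTPS. Everything not on the allowlist is denied, and a denied outbound flow from a critical host is flagged separately as a possible "phone home". The addresses, networks, ports and the log line format are all constructed assumptions.

```python
"""Default-deny segmentation and egress check over constructed flow records (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed assumption: the isolated segment that holds critical systems.
CRITICAL_SEGMENT = ip_network("10.50.0.0/24")

# Allowlist entries: (source network, destination network, destination port or None for any).
# Any flow that matches no entry is denied; that is the default-deny posture.
ALLOWED_FLOWS = [
    (ip_network("10.50.0.0/24"), ip_network("10.50.0.0/24"), None),  # traffic inside the segment
    (ip_network("10.10.0.0/16"), ip_network("10.50.0.0/24"), 443),   # jump-host range -> critical, HTTPS only
    (ip_network("10.50.0.0/24"), ip_network("10.60.0.10/32"), 514),  # critical -> syslog collector only
]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def is_allowed(flow):
    """True when some allowlist entry matches source, destination and port."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    for src_net, dst_net, port in ALLOWED_FLOWS:
        if src in src_net and dst in dst_net and (port is None or port == flow.dport):
            return True
    return False


def classify(flow):
    """Return 'allow' or a denial reason.

    'deny-egress'  : a critical host initiating a flow not on the allowlist
                     (the containment case: a back door trying to phone home)
    'deny-ingress' : something outside reaching into the critical segment
                     (the isolation case: unauthorized or lateral access)
    'deny-other'   : neither side is in the critical segment
    """
    if is_allowed(flow):
        return "allow"
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    if src in CRITICAL_SEGMENT:
        return "deny-egress"
    if dst in CRITICAL_SEGMENT:
        return "deny-ingress"
    return "deny-other"


def parse_flow_log(lines):
    """Parse constructed 'src=... dst=... dport=...' records into Flow objects."""
    flows = []
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        flows.append(Flow(fields["src"], fields["dst"], int(fields["dport"])))
    return flows


# Constructed sample flow log; the last field of each comment says what it represents.
SAMPLE_LOG = [
    "src=10.50.0.5 dst=10.50.0.6 dport=5432",    # database traffic inside the segment
    "src=10.10.3.7 dst=10.50.0.5 dport=443",     # administrator via jump host over HTTPS
    "src=10.10.3.7 dst=10.50.0.5 dport=22",      # SSH from the jump host: not on the allowlist
    "src=10.50.0.5 dst=203.0.113.9 dport=443",   # critical host to an internet address: phone-home attempt
    "src=10.50.0.6 dst=10.60.0.10 dport=514",    # syslog export to the collector
]


def audit(lines):
    """Pair every parsed flow with its verdict."""
    return [(flow, classify(flow)) for flow in parse_flow_log(lines)]


def denied(lines):
    """Only the flows that a default-deny policy would block."""
    return [(flow, verdict) for flow, verdict in audit(lines) if verdict != "allow"]


if __name__ == "__main__":
    for flow, verdict in audit(SAMPLE_LOG):
        print(f"{verdict:13} {flow.src} -> {flow.dst}:{flow.dport}")
```

The useful signal for a defender is the "deny-egress" verdict: under a containment policy a critical host has no legitimate reason to open a connection to an address outside its allowlist, so that event is worth an alert even if the connection itself was blocked.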

A seamless, stealth overlay solution like LinkGuard can bolster your cybersecurity efforts with the kind of preventative protection that keeps you ahead of cybercriminals. Stay tuned for part two of this blog post where we’ll discuss how our patented and proven solution works to protect your organization against whatever big attack is coming next. Until then, feel free to chat with our team of experts to discuss any questions about your cybersecurity infrastructure.