SolarWinds Security Alert (14th December 2020)

Description

On the 14th December 2020, SolarWinds indicated that their systems had experienced a highly sophisticated, manual supply chain attack affecting the SolarWinds Orion Platform.

A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data.[1]

Summary

The SolarWinds Orion Platform is a powerful, scalable infrastructure monitoring and management platform designed to simplify IT administration for on-premises, hybrid, and software as a service (SaaS) environments in a single pane of glass.

The versions affected by this attack are Orion Platform 2019.4 Hot Fix (HF) 5, 2020.2 with no hotfix, and 2020.2 HF 1, including:

  • Application Centric Monitor (ACM)
  • Database Performance Analyzer Integration Module (DPAIM)
  • Enterprise Operations Console (EOC)
  • High Availability (HA)
  • IP Address Manager (IPAM)
  • Log Analyzer (LA)
  • Network Automation Manager (NAM)
  • Network Configuration Manager (NCM)
  • Network Operations Manager (NOM)
  • Network Performance Monitor (NPM)
  • NetFlow Traffic Analyzer (NTA)
  • Server & Application Monitor (SAM)
  • Server Configuration Monitor (SCM)
  • Storage Resource Monitor (SRM)
  • User Device Tracker (UDT)
  • Virtualization Manager (VMAN)
  • VoIP & Network Quality Manager (VNQM)
  • Web Performance Monitor (WPM)

Solutions and Workarounds

  • Immediately update the Orion Platform v2020.2 with no hotfix or 2020.2 HF 1 to the Orion Platform version 2020.2.1 HF 1 to ensure the security of your environment.
  • Immediately update the Orion Platform v2019.4 HF 5 to 2019.4 HF 6.

For more information on this attack, please visit the URL: https://www.solarwinds.com/securityadvisory

The Guyana National CIRT recommends that users and administrators review this alert and the remediation strategies and apply them where necessary.
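
As an added example (not part of the original alert and not SolarWinds tooling), the following Python script checks Orion Platform version strings against the affected versions and update targets listed in this alert. The hostnames, the version-string spellings it accepts and the function names are assumptions; a result of "not listed" only means the version is not named in this alert.

```python
import re

# Affected builds and update targets, exactly as listed in this alert.
# Key: (release, hotfix number); hotfix 0 means no hotfix installed.
REMEDIATION = {
    ("2019.4", 5): "2019.4 HF 6",
    ("2020.2", 0): "2020.2.1 HF 1",
    ("2020.2", 1): "2020.2.1 HF 1",
}

# Accepts spellings such as "v2020.2", "2020.2 HF1", "2019.4 Hot Fix 5".
VERSION_RE = re.compile(
    r"^\s*v?(?P<release>\d{4}\.\d+(?:\.\d+)?)"
    r"(?:\s*(?:HF|hot\s*fix)\s*(?P<hf>\d+))?\s*$",
    re.IGNORECASE,
)

def parse_version(text):
    """Return (release, hotfix) or None if the string is not recognised."""
    m = VERSION_RE.match(text)
    if not m:
        return None
    return m.group("release"), int(m.group("hf") or 0)

def triage(version_text):
    """Classify one version string against the alert's affected list."""
    parsed = parse_version(version_text)
    if parsed is None:
        return ("unparsed", None)       # needs a manual check
    target = REMEDIATION.get(parsed)
    if target:
        return ("affected", target)
    return ("not listed", None)         # not named in this alert

# Constructed inventory: hostnames and version strings are made up.
INVENTORY = {
    "orion-01": "2019.4 HF 5",
    "orion-02": "v2020.2",
    "orion-03": "2020.2 HF1",
    "orion-04": "2020.2.1 HF 1",
    "orion-05": "2019.4 Hot Fix 6",
    "orion-06": "unknown",
}

if __name__ == "__main__":
    for host, version in sorted(INVENTORY.items()):
        status, target = triage(version)
        action = f"update to {target}" if target else "-"
        print(f"{host:10} {version:18} {status:11} {action}")
```

Hosts reported as "unparsed" should be checked by hand rather than assumed unaffected.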

Reference

  • SolarWinds Security Advisory (14th December 2020). Retrieved from SolarWinds: https://www.solarwinds.com/securityadvisory
  • Security Advisory Regarding SolarWinds Supply Chain Compromise (14th December 2020). Retrieved from Security Boulevard: https://securityboulevard.com/2020/12/security-advisory-regarding-solarwinds-supply-chain-compromise/


[1] https://www.csoonline.com/article/3191947/supply-chain-attacks-show-why-you-should-be-wary-of-third-party-providers.html