Cynergistek's CISO Weighs in on Recent SolarWinds Hack
December 22, 2020Thomas Graham

By now, you have probably heard of the SolarWinds hack, which is being called the largest such hack of the U.S. Government (and most of the Fortune 500) in at least a decade. CynergisTek, Inc.'s Chief Information Security Officer (CISO), Thomas Graham, gives his outlook and provides recommendations on this egregious hack of a lifetime:

The impacts of the SolarWinds hack are still being determined and may reach further than only the organizations that ran the SolarWinds Orion module. Microsoft has recently notified a number of companies that were impacted ancillary to the SolarWinds hack, because the attackers were able to pivot from one compromised solution to another. Additionally, a second backdoor has been found in the compromised package, which points to more than one potential malicious actor.

With these ongoing revelations, my own opinion is that the SolarWinds hack will be more far-reaching than we will probably know; regardless, government and enterprise organizations alike should be operating at a heightened sense of urgency. Currently, it appears that the attackers limited their malicious activity to viewing/reading real data rather than destroying/modifying it. However, this is still a large concern, and as the investigation continues the picture of the attackers' activity may be updated. Additionally, be aware that simply because someone says there is "no evidence of compromise," this means only that they could not find any evidence, not that it did not actually occur, as attackers are often fond of destroying logs indicating who/what/where/when/how they accessed files/systems.

With this in mind, I recommend organizations take the following steps to combat potential SolarWinds impacts:

  1. Initiate an in-depth review of your configurations and protections to ensure you have proper alerting in place for any new elevated accounts.
  2. Implement additional alerts for certain activities, such as updates to existing, published software packages.
  3. Most importantly, CHANGE DEFAULT PASSWORDS!
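The following is an added example of what the alerting in steps 1 and 2 can look like; it is not CynergisTek's or the author's tooling. It keys on real Windows event IDs (4720 account created, 4728/4732 member added to a security-enabled group, MsiInstaller 1033 product installed, 7045 service installed), but the log events themselves are constructed, and the privileged-group list, the approved software inventory and the "new account" time window are assumptions a deployment would replace with its own values. It goes slightly beyond step 2 by also flagging new service installations, since those are a common way an updated package lands on a host.

```python
"""Baseline alerting for the first two steps above: new accounts granted
elevated group membership, and version changes to software packages that
are already on the approved inventory. Added example, not CynergisTek's or
the author's tooling; events are constructed and the privileged-group list,
inventory and time window are assumptions."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta

# Windows event IDs this example keys on (these IDs are real):
#   Security    4720      a user account was created
#   Security    4728/4732 a member was added to a security-enabled global/local group
#   System      7045      a new service was installed
#   Application 1033      (source MsiInstaller) a product was installed
ACCOUNT_CREATED = 4720
GROUP_MEMBER_ADDED = {4728, 4732}
SERVICE_INSTALLED = 7045
MSI_PRODUCT_INSTALLED = 1033

# Assumption: the groups this environment treats as elevated.
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins"}
# Assumption: an account created within this window before the group add counts as "new".
NEW_ACCOUNT_WINDOW = timedelta(hours=24)


@dataclass
class Event:
    ts: datetime
    event_id: int
    fields: dict  # parsed event data, keyed as in the Windows event XML


def detect_elevated_accounts(events, privileged=PRIVILEGED_GROUPS,
                             window=NEW_ACCOUNT_WINDOW):
    """Alert on every addition to a privileged group; severity is 'high'
    when the member is an account created within `window` of the add."""
    created = {}  # account name -> creation time, from 4720 events
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.event_id == ACCOUNT_CREATED:
            created[ev.fields["TargetUserName"]] = ev.ts
        elif ev.event_id in GROUP_MEMBER_ADDED:
            group = ev.fields["TargetUserName"]  # for 4728/4732 the group name is in TargetUserName
            if group not in privileged:
                continue
            member = ev.fields["MemberName"]
            born = created.get(member)
            is_new = born is not None and ev.ts - born <= window
            alerts.append({
                "kind": "privileged_group_add",
                "severity": "high" if is_new else "medium",
                "member": member, "group": group,
                "by": ev.fields["SubjectUserName"], "at": ev.ts,
            })
    return alerts


def detect_package_changes(events, inventory):
    """Alert when an inventoried product is reinstalled at a different version
    (an update to an existing, published package) or a new service is installed."""
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.event_id == MSI_PRODUCT_INSTALLED and ev.fields.get("Provider") == "MsiInstaller":
            name, version = ev.fields["ProductName"], ev.fields["ProductVersion"]
            previous = inventory.get(name)
            if previous is not None and previous != version:
                alerts.append({"kind": "package_update", "product": name,
                               "previous": previous, "new": version, "at": ev.ts})
        elif ev.event_id == SERVICE_INSTALLED:
            alerts.append({"kind": "service_installed",
                           "service": ev.fields["ServiceName"],
                           "image": ev.fields["ImagePath"], "at": ev.ts})
    return alerts


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    Event(datetime(2020, 12, 14, 2, 10), 4720,
          {"SubjectUserName": "svc_monitor", "TargetUserName": "backup_adm"}),
    Event(datetime(2020, 12, 14, 2, 12), 4732,
          {"SubjectUserName": "svc_monitor", "MemberName": "backup_adm",
           "TargetUserName": "Administrators"}),
    Event(datetime(2020, 12, 14, 9, 0), 4732,
          {"SubjectUserName": "helpdesk1", "MemberName": "jdoe",
           "TargetUserName": "Remote Desktop Users"}),
    Event(datetime(2020, 12, 15, 8, 0), 4728,
          {"SubjectUserName": "admin.jane", "MemberName": "jsmith",
           "TargetUserName": "Domain Admins"}),
    Event(datetime(2020, 12, 14, 3, 0), 1033,
          {"Provider": "MsiInstaller", "ProductName": "ExampleMonitor Agent",
           "ProductVersion": "2020.2.5"}),
    Event(datetime(2020, 12, 14, 3, 5), 7045,
          {"ServiceName": "ExampleMonitor Updater",
           "ImagePath": r"C:\Program Files\ExampleMonitor\updater.exe"}),
]
# Assumption: approved inventory of product -> version currently deployed.
INVENTORY = {"ExampleMonitor Agent": "2020.2.1", "Example Backup": "8.1"}

if __name__ == "__main__":
    for alert in detect_elevated_accounts(SAMPLE_EVENTS) + detect_package_changes(SAMPLE_EVENTS, INVENTORY):
        print(alert)
```

Run against the constructed events, the account check raises a high-severity alert for `backup_adm` (created two minutes before being added to Administrators) and a medium one for `jsmith` (an existing account added to Domain Admins), while the Remote Desktop Users add is ignored; the package check flags the ExampleMonitor Agent version change against the inventory and the new updater service. In a real deployment the same logic would sit in the SIEM rule language, with the inventory fed from the software asset list so that a version change on a known product, rather than every install, is what pages someone.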

I recommend all of these steps regardless of whether you directly utilize SolarWinds, and communicate why this is being done to the larger organization to increase awareness. As always, with anything of this magnitude, if you have any questions or think something "wonky" is going on with your organizational system, reach out to your IT department or CISO. After all, your employees, coworkers, and YOU are the last line of defense!

-Thomas Graham

CISO, CynergisTek Inc.

About the Author

Dr. Thomas Graham serves as the CISO for CynergisTek, a top healthcare cybersecurity company based in Austin, TX. Prior to CynergisTek, he supported the Defense Health Agency in a variety of roles, where his team received a FedHealthIT award for innovation presented at the National Press Club in Washington, DC. He holds a PhD in Information Assurance and Security and an MBA, and has received CISSP and HCISPP designations along with other industry-recognized certifications. Thomas also serves on the MIS advisory board for East Carolina University, was part of an IoT panel discussion at the 2016 National Cyber Conference in Birmingham, AL, recently presented at the 2019 ISC2 Security Congress, and was part of another panel discussion at the 2019 QSC conference.


Disclaimer

CynergisTek Inc. published this content on 15 January 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 15 January 2022 22:44:06 UTC.