I always have mixed emotions bringing you content surrounding a security issue or breach. On the one hand, I’m glad I can bring you (hopefully) useful content. On the other, I often find myself saying… “Haven’t we been here before?” While that last question did come up while I was preparing to write this article, this one feels different. The scope is larger, there are many lingering questions, and there is the potential for heavy impact.
Whether you keep up on tech news or not, it’s unlikely you’ve gone this far without hearing about the recent breach of SolarWinds Orion in some way shape, or form. Just in case you haven’t though, it’s a doozy. The attack includes very targeted methodologies, information gathering, maliciously signed binaries, and more. On top of that, with the scope and design of the breach, we have the potential to be dealing with the fallout of this attack for some time. That leaves a lot of private IT departments and managed services providers wondering, what is their next move? Are they compromised? How do they tell their customers if they are affected? How do they patch the breach? Many of these questions have left some online communities, such as Reddit’s MSP subreddit, abuzz with questions like this and many an MSP wondering what they do next.
To help provide some information on this subject, I recently reached out to some colleagues at Truesec (Experts in Cyber-Security) and they connected me with Fabio Viggiani who is the Security Team Leader at Truesec. We initially talked about doing a quick 5-10 minutes interview, but Fabio is such a wealth of information on the topic that we ended up discussing the breach for nearly 30 minutes!
If you find yourself asking any of the questions mentioned here, I highly suggest watching my video interview with Fabio below. We discussed the following topics (timestamps can be found within the youtube video)
What is SunBurst – the SolarWinds Hack? – 1:50
Who else has been targeted? – 4:20
What happens next? (Attack Stage 2) – 6:32
How are general IT admins affected? – 8:28
How do I know if I’ve been affected? – 10:51
Can the hack change the IT industry? – 14:00
What can companies do to protect themselves from future attacks? – 16:55
How should Service Providers respond? – 20:03
Interview with Fabio Viggiani on the SolarWinds/SunBurst Hack
As mentioned in the video, here are some additional resources on this subject
As I mentioned at the beginning, while it bums me out that I’m writing about yet another security vulnerability in the industry, I’m wildly excited that I can share information, tips, and tricks from a seasoned security expert like Fabio with you! Hopefully, the interview allowed you to take away something that will help your own organization deal with the fallout of this recent breach. That said, was there anything that stood out to you specifically? Any tips that you found extra helpful? If I had to choose one myself I’d say I found Fabio’s advice on not forgetting about the basics to be a REALLY good point. The basics of security continue to be important. Don’t forget about them by being hyper-focused on attempting to guard your organization against a highly complex supply-chain attack like this.
What about you? Anything you felt to be super important? Anything you feel was missing from our talk? Let us know in the comments section below!
Get a 30-day trial of Altaro VM Backup for MSPs
Manage all your customer VM backups from a single cloud console, on a monthly subscription. Try Altaro VM Backup for MSPs for 30 days - no strings attached!
Not a DOJO Member yet?
Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!