SolarWinds Breach – May 2021 Update
As with all things security in the IT space, the issue with the SolarWinds Orion breach is that it’s a slow burn that keeps on giving. Given that we’re several months post-breach now, does that change anything for system admins? We had the chance to catch up with Fabio Viggiani from Truesec once again to talk about the new information that has come out in the months since the initial video.
It’s no surprise to find out that while there has been little talk in the news about the issue as of late, certain threats and other issues remain. With the scope of this attack being as large as it is, we’re poised to be talking about this and pulling back layers of the onion for some time. So, we’ll be keeping you updated on insights as we continue to find out more!
In this video Fabio and I discussed a number of different things as it relates to the SolarWinds hack and IT security in general, including:
- While it may “feel” like we’re seeing an uptick in security issues over the last couple of months, that may not necessarily be the case.
- The increasing boldness of attackers, who are going after build servers and cyber insurance companies.
- Nation state actor implications
- A brief timeline of key events leading up to the large, reported Orion breach
- Why MSPs shouldn’t trust their customers’ environments
- The urgent need for security monitoring tools
- And a lot more!
Without any further wait, you can watch the latest interview with Fabio below.
1:26 – Have we seen an increase in security incidents in the last couple of months?
6:18 – What new information has come out regarding the SolarWinds breach since the end of December?
13:32 – Is there any indication that the “perceived” increase in security issues these last couple of months can be tied back to the initial SolarWinds breach?
16:07 – Does any of this new information change the security playbook for service providers?
Follow-up Interview with Fabio Viggiani on the SolarWinds/SunBurst Hack
I always have mixed emotions bringing you content surrounding a security issue or breach. On the one hand, I’m glad I can bring you (hopefully) useful content. On the other, I often find myself saying… “Haven’t we been here before?” While that last question did come up while I was preparing to write this article, this one feels different. The scope is larger, there are many lingering questions, and there is the potential for heavy impact.
Whether you keep up on tech news or not, it’s unlikely you’ve gone this far without hearing about the recent breach of SolarWinds Orion in some way, shape, or form. Just in case you haven’t, though, it’s a doozy. The attack includes very targeted methodologies, information gathering, maliciously signed binaries, and more. On top of that, with the scope and design of the breach, we have the potential to be dealing with the fallout of this attack for some time. That leaves a lot of private IT departments and managed services providers wondering what their next move is. Are they compromised? How do they tell their customers if they are affected? How do they patch the breach? These questions have left some online communities, such as Reddit’s MSP subreddit, abuzz, with many an MSP wondering what to do next.
To help provide some information on this subject, I recently reached out to some colleagues at Truesec (experts in cyber-security) and they connected me with Fabio Viggiani, who is the Security Team Leader at Truesec. We initially talked about doing a quick 5-10 minute interview, but Fabio is such a wealth of information on the topic that we ended up discussing the breach for nearly 30 minutes!
If you find yourself asking any of the questions mentioned here, I highly suggest watching my video interview with Fabio below. We discussed the following topics (timestamps can be found within the YouTube video):
1:50 – What is SunBurst – the SolarWinds Hack?
4:20 – Who else has been targeted?
6:32 – What happens next? (Attack Stage 2)
8:28 – How are general IT admins affected?
10:51 – How do I know if I’ve been affected?
14:00 – Can the hack change the IT industry?
16:55 – What can companies do to protect themselves from future attacks?
20:03 – How should Service Providers respond?
Interview with Fabio Viggiani on the SolarWinds/SunBurst Hack
As mentioned in the video, here are some additional resources on this subject
As I mentioned at the beginning, while it bums me out that I’m writing about yet another security vulnerability in the industry, I’m wildly excited that I can share information, tips, and tricks from a seasoned security expert like Fabio with you! Hopefully, the interview allowed you to take away something that will help your own organization deal with the fallout of this recent breach. That said, was there anything that stood out to you specifically? Any tips that you found extra helpful? If I had to choose one myself I’d say I found Fabio’s advice on not forgetting about the basics to be a REALLY good point. The basics of security continue to be important. Don’t forget about them by being hyper-focused on attempting to guard your organization against a highly complex supply-chain attack like this.
What about you? Anything you felt to be super important? Anything you feel was missing from our talk? Let us know in the comments section below!