• Skip to primary navigation
  • Skip to main content
  • Skip to footer
ControlCase No Tag LOGO md

ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider

  • Company
    • About Us
    • Careers
    • Locations
    • Team
  • Industries
    • Business Process Outsourcing
    • Cloud Service Providers
    • Retail
    • Telecom | Entertainment
  • Certifications
    • PCI DSS Certification
    • CSA STAR Certification
    • GDPR Assessment
    • HIPAA Assessment
    • HITRUST Certification
    • ISO 27001 Certification
    • FedRAMP 3PAO Services and NIST 800-53
    • CMMC Compliance: NIST 800-171
    • MARS-E Assessment
    • P2PE Certification
    • PA DSS Certification
    • SOC2 Report
  • Solutions
    • Continuous Compliance Solution
    • One Audit
    • Card Data Discovery Software
    • Data Security Rating
  • Testing
    • Application Reviews
    • Application Security Training
    • Code Reviews
    • Card Data Discovery
    • External Vulnerability Scans
    • Firewall Security Reviews
    • Internal Vulnerability Scans
    • Log Monitoring
    • Penetration Testing
  • Resources
    • Events
    • News
    • Webinars
    • Courses
    • Newsletters
    • Blog
  • Contact Us

SolarWinds SUNBURST Backdoor Supply Chain Attack – What you need to know

You are here: Home / Blog / SolarWinds SUNBURST Backdoor Supply Chain Attack – What you need to know
08-December-2020 marked one of the most sophisticated cybersecurity espionage events in US history. FireEye, a top US cybersecurity research firm, identified and reported a breach on the SolarWinds Orion Platform used by organizations to manage their IT infrastructures. FireEye has named this malware infecting SolarWinds Orion component “SUNBURST” and has provided detailed information on the attack. SolarWinds has also issued an advisory on the incident.

 

Recently CISA-DHS issued a directive for all federal agencies not to install any updates from SolarWinds until further notice and keep such systems disconnected or powered down.

 

Does this affect ControlCase customers?

 

ControlCase does not use the affected products or services of the affected organizations.
Even though there is no evidence that ControlCase is affected by this threat, we are constantly monitoring the developments of these attacks and evaluating any potential threats that may affect our network or systems. ControlCase is continuously updating the detection and protection tools to include the latest verified signatures of SUNBURST malware. We are also utilizing the available information to strengthen our procedures and practices further and ensure that such attacks are avoided.

 

What to do if your organization uses SolarWinds components?

 

If your organization uses SolarWind products, the following are some suggested actions:

 

  1. Detect if systems are running the impacted version of SolarWinds Orion Network Monitoring Product: versions 2019.4 HF 5, 2020.2 (no hotfix) or 2020.2 HF 1 released between March 2020 and June 2020.
  2. Click Here for instructions on how to check the version of Orion Platform. Click Here to check which hotfixes are applied.
  3. Suppose any system is observed to be running these versions, it is strongly recommended to conduct an in-depth forensic analysis of the systems and the network for any attack or breach indicators.
  4. FYI there are instructions on SolarWind’s advisory to update the affected software and take additional steps to secure the setup.
  5. Most endpoint detection tools have released IOCs for SUNBURST. It is recommended to ensure that your endpoint detection tool is capable of and updated to identify these indicators
Vendor risk management is the process organizations use to understand the risks that exist and the risks that they assume due to their business relationships with third-party vendors.

 

Recommended ControlCase Solution – Vendor Risk Management

 

The ControlCase Vendor Risk Management Service utilizes a Regulatory Audit to help clients implement and manage a flexible and scalable program that verifies and validates the information security management controls and processes that your third-party business associates have designed and implemented to protect sensitive information.

Vendor Management Inquiry



  • Captcha Image
  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

Footer

Connect

Corporate Headquarters
12015 Lee Jackson Memorial Hwy, Suite 520, Fairfax, VA 22033

Send us a message

Call Us

About Us

ControlCase is a United States based company, headquartered in Fairfax, Virginia with locations in North America, Europe, Latin America, Asia/Pacific and the Middle East to serve our clients globally.

Quick Links

  • Company
  • Team
  • Careers
  • Locations
  • Covid-19 Notice

Certifications, Assessments and Reports

  • PCI DSS Certification
  • CSA STAR Certification
  • GDPR Assessment
  • HIPAA Assessment
  • HITRUST Certification
  • ISO 27001 Certification
  • FedRAMP and 3PAO Services
  • MARS-E Assessment
  • P2PE Certification
  • PA DSS Certification
  • SOC2 Report

© ControlCase LLC 2023 | Privacy Policy | Impartiality Statement | Legal Notices