SENSEI ENTERPRISES, INC.

Lessons for Law Firms from the SolarWinds Breach

January 13, 2021

Perhaps the worst data breach ever, the compromise of the SolarWinds Orion platform has impacted approximately 18,000 public and private sector customers, according to the Cyber Unified Coordination Group (UCG). The UCG also said that a Russian-backed Advanced Persistent Threat (APT) group is most likely responsible for the SolarWinds hack. As the investigation continues, we are learning more and more details about the attack and those impacted.

SolarWinds

So what is SolarWinds Orion and what is it used for? Essentially, SolarWinds Orion is a network monitoring and management tool. IT personnel use it as a single dashboard for administering various parts of the network, including the infrastructure and applications.

Discovery

In early December 2020, cybersecurity firm FireEye discovered that its own systems were compromised and that the attackers had made off with FireEye’s own tools for investigating breaches. While FireEye was investigating how its systems were breached, it learned that there was a backdoor, known as Sunburst, within SolarWinds. We now know that the backdoor had existed for months and provided undetected access to thousands of systems.

So what led FireEye to even think it was compromised? Unlike a bomb threat, nobody called FireEye and said “Knock. Knock. I’m in your network.” FireEye’s CEO Kevin Mandia said the first clue to the massive attack was what is called a Severity-Zero Alert. “In this particular case, the event that got briefed to me and got us to escalate and declare this a full-blown incident was somebody was accessing our network just like we do, but they were doing it with a second registered device.” FireEye contacted the employee associated with the account, who confirmed that they had not registered a second phone. This is a clear indication that the attacker already knew the employee’s username and password. As Mandia further stated, “We had somebody bypassing our two-factor authentication by registering a new device and accessing our network just like our employees do, but it actually wasn’t our employee.” How many of us have systems in place to issue an alert for a second device being registered? Make that lesson one.
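The alert Mandia describes is simple to express as detection logic: keep a record of the MFA devices already enrolled for each account and raise an alert whenever a previously unseen device is registered on an account that already has one. The Python below is an added example (not code from FireEye, SolarWinds or this article) that runs that check over a few constructed audit events; the event fields (`user`, `action`, `device_id`, `src_ip`) are an assumed format, not any vendor's real schema.

```python
import json
from collections import defaultdict

# Constructed sample audit events (not from any real system). The field names
# are an assumption for this example, not a vendor's actual log schema.
SAMPLE_EVENTS = """
{"ts": "2020-12-01T08:02:11Z", "user": "alice", "action": "mfa_device_registered", "device_id": "phone-a1", "src_ip": "10.1.4.22"}
{"ts": "2020-12-01T08:05:40Z", "user": "alice", "action": "login_success", "device_id": "phone-a1", "src_ip": "10.1.4.22"}
{"ts": "2020-12-02T09:10:03Z", "user": "bob", "action": "mfa_device_registered", "device_id": "phone-b1", "src_ip": "10.1.4.31"}
{"ts": "2020-12-05T23:41:18Z", "user": "alice", "action": "mfa_device_registered", "device_id": "phone-zz9", "src_ip": "203.0.113.77"}
{"ts": "2020-12-05T23:42:02Z", "user": "alice", "action": "login_success", "device_id": "phone-zz9", "src_ip": "203.0.113.77"}
{"ts": "2020-12-06T10:00:00Z", "user": "bob", "action": "login_success", "device_id": "phone-b1", "src_ip": "10.1.4.31"}
"""


def parse_events(text):
    """Parse newline-delimited JSON audit events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_second_device_registrations(events):
    """Return one alert for every MFA device registered on an account that already has one.

    Events must be in chronological order. The first registration for a user
    establishes the baseline; each later registration of a previously unseen
    device_id produces an alert that carries the already-enrolled devices and
    the source IP, so an analyst can confirm the enrollment with the user.
    """
    known = defaultdict(set)  # user -> set of enrolled device_ids
    alerts = []
    for ev in events:
        if ev.get("action") != "mfa_device_registered":
            continue
        user, device = ev["user"], ev["device_id"]
        if device in known[user]:
            continue  # re-registration of a known device is not the case of interest here
        if known[user]:
            alerts.append({
                "ts": ev["ts"],
                "user": user,
                "new_device": device,
                "existing_devices": sorted(known[user]),
                "src_ip": ev.get("src_ip"),
            })
        known[user].add(device)
    return alerts


def main():
    for alert in find_second_device_registrations(parse_events(SAMPLE_EVENTS)):
        print(f"[ALERT] {alert['ts']} user={alert['user']} registered new MFA device "
              f"{alert['new_device']} (already enrolled: {', '.join(alert['existing_devices'])}) "
              f"from {alert['src_ip']}; confirm with the user before trusting this device")


if __name__ == "__main__":
    main()
```

Run as-is, the script flags only alice's second device (phone-zz9, enrolled late at night from an unfamiliar address) and says nothing about bob, whose single enrollment is the baseline. In production the same logic would read the identity provider's enrollment audit log and route the alert to the help desk for a call to the employee, which is exactly the confirmation step FireEye performed.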

Read the entire article here. 

Filed Under: Articles


    © 2021 SENSEI ENTERPRISES, INC. | 3975 UNIVERSITY DRIVE, SUITE 225, FAIRFAX, VA 22030 | LICENSED SECURITY SERVICES BUSINESS (DCJS# 11-6444)
