Company News

Sensei Article Featured In Attorney At Work

February 4, 2021

Attorney At Work recently featured Sensei’s Sharon Nelson and John Simek’s article entitled “Lessons for Law Firms from the SolarWinds Breach”.

Excerpt:

Classified as perhaps the worst data breach ever, the compromise of the SolarWinds Orion platform has impacted approximately 18,000 public- and private-sector customers, according to the Cyber Unified Coordination Group (UCG). The UCG also said that the Russian-backed Advanced Persistent Threat (APT) group is most likely responsible for the SolarWinds hack. As the investigation continues, we are learning more and more details about the attack and those affected.

SolarWinds

So what is SolarWinds Orion, and what is it used for? Essentially, SolarWinds Orion is a network monitoring and management tool. It is used by IT personnel to provide a single dashboard for administering various parts of the network to include the infrastructure and applications.

The Discovery

In early December, cybersecurity firm FireEye discovered that its own systems were compromised and attackers made off with FireEye’s tools for investigating breaches. While FireEye was investigating how its systems were pierced, it learned there was a backdoor, known as Sunburst, within SolarWinds. We now know that the backdoor has existed for months and provided undetected access to thousands of systems.

So what led FireEye to even think they were compromised? Nobody called FireEye and said, “Knock, knock. I’m in your network.” FireEye CEO Kevin Mandia said the first clue to the massive attack was what is called a severity-zero alert. “In this particular case, the event that got briefed to me and got us to escalate and declare this a full-blown incident was somebody was accessing our network just like we do, but they were doing it with a second registered device.” They contacted the employee associated with the account and confirmed that they did not register a second phone. This is certainly a clear indication that the attacker already knew the employee’s username and password. As Mandie further stated, “We had somebody bypassing our two-factor authentication by registering a new device and accessing our network just like our employees do, but it actually wasn’t our employee.”

How many of us have systems in place to issue an alert for a second device being registered? Make that lesson one.

Read the entre article here.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Company News

Sensei Article Featured In Attorney At Work

Ride the Lightning

Your IT Consultant

Digital Forensics Dispatch

Listen to the Podcast