Introducing SecurityMetrics News: Threat Intelligence
The threat landscape is constantly changing and cyber attackers continue to target organizations. The SecurityMetrics Threat Intelligence Center introduces a new cybersecurity news series to inform you of developing threats and provide analysis, best practices, and tips to protect your data.
In this SecurityMetrics News episode, Heff and Forrest analyze recent cybersecurity news, including the unprecedented SolarWinds security breach and the FireEye compromise. They dive in to help you understand the attacks and give tips to avoid data breaches at your organization. Here is a recap:
SolarWinds Supply Chain Cyberattack
- SolarWinds was recently breached in what is the largest security compromise in U.S. history. This led to breaches at the Pentagon, multiple U.S. agencies, nuclear labs, and Fortune 500 companies.
- Malware was deployed as an update for Orion products from SolarWinds’ own server and automatically downloaded to 18,000 SolarWinds customers in March 2020.
- This attack was highly sophisticated and coordinated.
- The threat group behind the SolarWinds hack is presumed to be APT29 (i.e., Cozy Bear/Russian SVR).
- Read more about the SolarWinds data breach here, including information about what SecurityMetrics is doing and what you should do to protect your business.
- FireEye was one of the companies hacked in the SolarWinds compromise.
- FireEye’s anti-hacking tools were stolen, so patching will be critical.
Lessons Learned From Recent Data Breaches and What You Can Do
- If you use SolarWinds Orion, assume compromise.
- If you have other SolarWinds products, map your attack surface.
- Threat actors have changed indicators of compromise (IoCs), and they are retooling.
- Check your logs as far back as March.
- Use multifactor authentication (MFA) and change passwords regularly.
- Perform extra cybersecurity diligence.