The Department of Homeland Security recently published an alert regarding SolarWinds Orion products, which have been exploited by malicious actors. 'This tactic permits an attacker to gain access to network traffic management systems'.
Organizations can proactively determine whether they are at greater risk for this specific type of infection. Here’s what you should do:
1. Validate your version of SolarWinds Orion (affected versions are 2019.4 through 2020.2.1 HF1)
2. Investigate for indicators of compromise as outlined in DHS Emergency Directive 21-01:
   - [SolarWinds.Orion.Core.BusinessLayer.dll] with a file hash of [b91ce2fa41029f6955bff20079468448]
   - [C:\WINDOWS\SysWOW64\netsetupsvc.dll]
3. If any indicators are identified, forensically image the impacted system(s) and work to understand impacts and enact your incident response plan.
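Steps 1 and 2 above as a host-side triage script, added here as an example and not taken from the DHS directive or from Cymonix. It assumes the operator supplies the Orion install folder (-OrionRoot) and the installed version string (-InstalledVersion); the function name and exit codes are illustrative.

```powershell
param(
    [Parameter(Mandatory)][string]$OrionRoot,   # assumption: Orion install folder on this host
    [string]$InstalledVersion = ''              # assumption: typed in by the operator, e.g. '2020.2.1 HF1'
)
# Indicator values copied from the list above.
$DllName = 'SolarWinds.Orion.Core.BusinessLayer.dll'
$DllHash = 'b91ce2fa41029f6955bff20079468448'   # 32 hex characters, so compared as MD5
$DllPath = 'C:\WINDOWS\SysWOW64\netsetupsvc.dll'

function Test-AffectedVersion([string]$Text) {
    # Accepts 'YYYY.N', 'YYYY.N.N' and an optional ' HFn'; returns $null if unparseable.
    if ($Text -notmatch '^\s*(\d+\.\d+(?:\.\d+)?)(?:\s*HF\s*(\d+))?\s*$') { return $null }
    $ver  = [version]$Matches[1]
    $hf   = if ($Matches[2]) { [int]$Matches[2] } else { 0 }
    $low  = [version]'2019.4'
    $high = [version]'2020.2.1'
    if ($ver -lt $low -or $ver -gt $high) { return $false }
    if ($ver -eq $high) { return ($hf -le 1) }   # 2020.2.1 HF2 and later fall outside the range
    return $true
}

# Step 2, first indicator: every copy of the DLL under the install folder whose hash matches.
$hashHits = @()
if (Test-Path -LiteralPath $OrionRoot -PathType Container) {
    $hashHits = @(Get-ChildItem -LiteralPath $OrionRoot -Recurse -File -Filter $DllName -ErrorAction SilentlyContinue |
        Where-Object { (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash -ieq $DllHash } |
        Select-Object -ExpandProperty FullName)
} else {
    Write-Warning "Install folder not found: $OrionRoot"
}

# Step 2, second indicator: the second listed file.
$fileHit = Test-Path -LiteralPath $DllPath -PathType Leaf

$result = [pscustomobject]@{
    Host            = $env:COMPUTERNAME
    VersionAffected = Test-AffectedVersion $InstalledVersion
    HashMatches     = $hashHits
    NetSetupSvcDll  = $fileHit
}
$result | Format-List

# Step 3 trigger: non-zero exit so a wrapper can queue the host for imaging.
if ($hashHits.Count -gt 0 -or $fileHit) { exit 2 }
if ($result.VersionAffected) { exit 1 }
exit 0
```

A clean result covers only the two files listed here; Emergency Directive 21-01 remains the reference for the full set of indicators.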
If you believe you are experiencing a security incident, call our incident response hotline immediately: (860)-785-0614.
Cymonix can evaluate your infrastructure to proactively identify, classify, and remediate security threats that may otherwise go undetected. A Cymonix risk assessment will proactively identify and respond to a security incident. The risk assessment examines your environment to determine whether threats are present or whether it is at imminent risk of a security incident.