To Our Customers, Prospects, Partners, and the Cybersecurity Community:
On Sunday, Dec 13, it was reported that SolarWinds was the subject of a sophisticated supply chain attack targeting SolarWinds Orion Platform software, their enterprise IT monitoring solution. According to public and private sources, this supply chain attack is linked to FireEye and other US federal entities being targeted.
Cyreonix Fortify/SentinelOne customers are protected against the released Indicators of Compromise (IOCs) associated with both the FireEye and SolarWinds breaches. In the SolarWinds attack, dubbed “SUNBURST,” SentinelLabs research has confirmed that devices with Cyreonix Fortify/SentinelOne agents deployed are specifically exempt from the malicious payload used in the reported IOCs. As presented in the SolarWinds attack, SUNBURST does not trigger malicious activities on devices protected with Cyreonix Fortify/SentinelOne.
Following the SolarWinds supply chain attack:
- SentinelOne’s Singularity Cloud blocks all reported IOCs
- All Cyreonix Fortify/SentinelOne customers have access to a new hunting pack which includes custom Deep Visibility hunting queries for the latest SUNBURST and FireEye breach IOCs
Our recommendation to customers and the community-at-large is to follow SolarWinds’ security advisory instructions. In addition, please incorporate best practice countermeasures including:
- Resetting all credentials used by or stored in SolarWinds software
- Resetting service account passwords if service accounts were used with SolarWinds software
- Referencing FireEye’s SUNBURST countermeasures
The Cyreonix Fortify/SentinelOne team stands ready to assist in these times of uncertainty. Ensuring you’re informed and protected is key to staying secure. To speak with our experts about these events and your cybersecurity readiness, contact us here or at 888.223.5722.