Believe it or not, around a year ago (come December 12th) the revelation of the SolarWinds, or Sunburst, hack was breaking news. We ourselves talked about it.
Are we any better off than we were a year ago? In a lot of ways, a supply-side hack is just as much of an issue today as it was a year ago. There are still security environments that do not have the protective technologies or processes in place to handle systemic problems like those the SolarWinds hack caused.
Here are a few ways to know whether or not your company is secure:
How often are you monitoring user credential privileges? One of the ways supply-side attacks succeed is by using an administrative account that has more privileges than it requires. Often this is because the account was cloned from another user account or group, and its privileges weren't pared down after the fact. Regularly check administrative accounts to verify that they are still in use and, further, that all the privileges provided are needed.
Normal applications act suspiciously all the time. Is there verification that these actions are not indicators of compromise? When applications are operating at odd hours, making requests that don't make sense, or taking actions that are suspicious, are you able to know this, or even track it? Who is providing overnight coverage for events that happen in the middle of the night? If the answer is an employee with a cell phone to call for problems, the real answer is no one.
Verify security threats of applications, and provide constant analysis of their value. Applications that have administrative privileges need to be constantly monitored, through some kind of service or through review by human beings. Relying solely on artificial intelligence or automation to review security events or potential indicators of compromise is how the SolarWinds / Sunburst hack impacted so many businesses, so I suggest investigating privileged access events that appear suspicious.
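The administrative account review described above can be sketched as a small script. This is an added example, not part of the original post: the account names, privilege names, event records and the thresholds (90 days for "stale", a 30-day usage window, 07:00 to 19:00 working hours) are all constructed assumptions. It flags accounts no longer in use, privileges granted but not exercised, and privileged actions taken at odd hours so that a person can investigate them.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from any real environment).
NOW = datetime(2021, 12, 1, 9, 0)
ACCOUNTS = {  # account -> privileges currently granted
    "svc-monitor": {"read_config", "restart_service", "create_user", "modify_acl"},
    "adm-jlee": {"create_user", "modify_acl", "read_config"},
    "adm-old-clone": {"create_user", "modify_acl", "restart_service"},
}
EVENTS = [  # (timestamp, account, privilege exercised)
    ("2021-11-29T14:05:00", "svc-monitor", "read_config"),
    ("2021-11-30T02:47:00", "svc-monitor", "create_user"),
    ("2021-11-30T10:12:00", "adm-jlee", "create_user"),
    ("2021-11-18T16:30:00", "adm-jlee", "modify_acl"),
    ("2021-06-02T11:00:00", "adm-old-clone", "create_user"),
]

def review(accounts, events, now, stale_days=90, window_days=30, work_hours=(7, 19)):
    """Return per-account findings: stale flag, unused privileges, off-hours events."""
    cutoff_stale = now - timedelta(days=stale_days)
    cutoff_window = now - timedelta(days=window_days)
    parsed = [(datetime.fromisoformat(ts), acct, priv) for ts, acct, priv in events]
    findings = {}
    for acct, granted in accounts.items():
        mine = [(ts, priv) for ts, a, priv in parsed if a == acct]
        last_seen = max((ts for ts, _ in mine), default=None)
        # Only activity inside the review window counts as evidence of need.
        recent = [(ts, priv) for ts, priv in mine if ts >= cutoff_window]
        used = {priv for _, priv in recent}
        findings[acct] = {
            # Never seen, or not seen since the stale cutoff: candidate for removal.
            "stale": last_seen is None or last_seen < cutoff_stale,
            # Granted but not exercised in the window: candidate for paring down.
            "unused_privileges": sorted(granted - used),
            # Privileged actions outside working hours: queue for human review.
            "off_hours": sorted(
                (ts.isoformat(), priv) for ts, priv in recent
                if not work_hours[0] <= ts.hour < work_hours[1]
            ),
        }
    return findings

if __name__ == "__main__":
    for acct, f in review(ACCOUNTS, EVENTS, NOW).items():
        print(acct, f)
```

The output is a review queue, not a verdict: each finding still needs a person to decide whether the account or privilege is legitimately required.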
Overall, the trend should be to treat security as important, especially after having seen such a drastic increase in security threats over the past two years. We know the threats are out there, and looking forward to 2022 it is especially important to be sure you have a trusted security advisor to work with on the growing security trends that London Security has been reviewing for the future.