
Active Exploitation of SolarWinds Software Reinforces the Need to Enforce Password Policies

December 18, 2020 - Written by: Sean Rollman

 

On December 8th, it was announced that FireEye, a leading security consultancy, had been the victim of a sophisticated hack that had led to the exfiltration of numerous tools used to test, and potentially exploit, security vulnerabilities. As the investigation unfolded in the following days, it was revealed that the origin of the attack was through the SolarWinds Orion network management platform, which is widely used by commercial and government customers, including FireEye.

 

Why Secure Passwords Matter 

At this time, it appears the hackers were able to exploit a weak password on the Orion software update server to upload a malicious executable that installed a backdoor into any environment that installed the affected Orion update. IE is a partner of both FireEye and SolarWinds, and has worked diligently to understand and mitigate the risk of these exploits for our customers since they were announced. IE will continue to look for and implement official recommendations to ensure the utmost safety for our customers, and we urge all companies and consumers to do the same.

 

Review Your Password Complexity and Enforce Your Organization’s Password Policy

IE has always advocated for our customers to implement and enforce policies for complex passwords. This unfortunate situation clearly demonstrates the potential scope and damage that can occur from just a simple exception to such a policy. While no organization can ever be entirely free of security risks, much can be done to limit exposure in advance of a malicious actor attempting to exploit your organization. If you have concerns about security risks that may exist in your organization, please contact your IE account manager to discuss our security consulting and advisory services, which are designed to help organizations find and mitigate risks before they are exploited.

  

For further information, please refer to https://us-cert.cisa.gov/ncas/alerts/aa20-352a 



Topics: Security



Internetwork Engineering (IE) is a private technology consulting company that improves business outcomes with the expert selection, implementation and operation of information technology. Since 1996, our expert combination of people, partners and process has allowed us to become a strategic service provider for clients throughout the Southeast. With our Ideas to Execution (I2E) methodology, we deliver customized technology solutions that align with business goals to create a distinct competitive advantage.

To learn more about IE, visit ineteng.com.