
SECURITY BULLETIN: SolarWinds Compromise Advisory Statement

Written by Systems Engineering | December 16, 2020

UPDATE FOR THURSDAY, JANUARY 21

As you may have seen in the headlines, Malwarebytes recently announced it was targeted by the same threat actor who attacked SolarWinds. After an extensive investigation, Malwarebytes reported their Microsoft Office 365 and Azure environments were targeted, but they found “no evidence of unauthorized access or compromise in any internal on-premises and production environments.”

The intent of this communication is to clarify that Malwarebytes software used by clients has not been compromised or implicated in the investigation and subsequent findings to date.

Systems Engineering will continue to provide updates as information is made available to us from SolarWinds MSP on this channel.

Tuesday, December 29

Systems Engineering is aware of news articles, from Thursday, December 24th, with the headline, “Suspected Russian hackers used Microsoft vendors to breach customers”, suggesting that Microsoft re-sellers, like Systems Engineering, may have been compromised by the SolarWinds or “SUNBURST” attack. This news is based on an attempted attack on CrowdStrike, a cyber security vendor, who stated about the attack:

"CrowdStrike does not have any attribution and does not know of any connection to SUNBURST at this time."

A senior director at Microsoft stated at that time:

“We have not identified any vulnerabilities or compromise of Microsoft product or cloud services.”

We continue to closely monitor this event and want you to know that Systems Engineering takes securing access to customer data seriously and is compliant with all Microsoft re-seller security requirements, including required Multi-Factor Authentication for all SE employees.

Thursday, December 24

As previously communicated, Systems Engineering has taken the required steps to make SolarWinds' new digital certificate for its MSP products available to our clients. Though the SolarWinds MSP product line is not implicated, the new digital certificate ensures security and functionality moving forward as a recertification point. Distribution of the new digital certificate is automated and in progress at this time.

SolarWinds' latest update and the steps they’ve taken on the affected Orion Platform:

We want to assure you we’ve removed the software builds known to be affected by the SUNBURST vulnerability from our download sites.

Additionally, we want you to know that while our investigations are early and ongoing, based on our investigations to date, we are not aware that the SUNBURST vulnerability affects other versions of the Orion Platform products. Also, while we are still investigating our non-Orion products, we have not seen any evidence that they are impacted by the SUNBURST vulnerability.

Monday, December 21

In a communication dated December 18, 2020, SolarWinds extended the revocation date of their pre-existing MSP certificate to February 22, 2021. To provide our clients access to the newly issued SolarWinds digital certificate, Systems Engineering performed the required maintenance as soon as it was made available. 

As previously communicated, this action is a recertification of authenticity of SolarWinds MSP products. Systems Engineering chose to update on SolarWinds' release date to avoid any further action by Microsoft or other antivirus vendors that could impact functionality before the planned revocation date in February.

Friday, December 18

For clarity, Systems Engineering does not use or sell the compromised SolarWinds Orion product. We do partner with SolarWinds MSP who, as a result of the SolarWinds Orion breach, has made the decision to digitally re-sign their products to ensure current customers have valid and secure products installed. 

This new digital certificate reflects a recertification of the authenticity of SolarWinds MSP’s products, both current and future.

Thursday, December 17

On a call with SolarWinds MSP, we learned SolarWinds MSP applications were thoroughly scanned and no indication of the Orion compromise was found. 

Wednesday, December 16

Recently, SolarWinds, a leading IT infrastructure management software provider, discovered a supply chain attack compromising their Orion platform software updates that distributed malware known as SUNBURST. The malware permits an attacker to gain access to network traffic management systems, and the attacker can leverage this to gain elevated credentials.

For more information on the details of the breach, please see the advisory from the Cybersecurity & Infrastructure Security Agency.

Systems Engineering does not use the Orion product but does partner with SolarWinds on their MSP product portfolio. The solutions we use are a separate and distinct IT management platform from the Orion product that suffered the recent and serious compromise.

In a recent statement sent to SolarWinds MSP partners, the president of SolarWinds MSP said there is no known impact to the SolarWinds MSP products.

Next Steps

We will continue to closely monitor the situation at SolarWinds and maintain direct communication with SolarWinds MSP.

Recommended Action

Keep checking here for updates. We also encourage you to take some time and assess any network utilities you may have installed. Evaluate if they are required, and if not, remove them. If you determine that a network utility is needed, be sure you are running the latest version. And as always, keep your laptops, desktops, and servers patched and up-to-date.

If you have questions about this SolarWinds advisory, contact Systems Engineering at info@systemsengineering.com, or 888.624.6737. Customers, please reach out to your Account Manager.