Cyber attackers exploiting software updates to SolarWinds’ widely used IT performance monitoring platform

Dec 14, 2020 - 03:18 PM
Cybersecurity Lock on Gold Wall

The Cybersecurity and Infrastructure Security Agency and Health Sector Cybersecurity Coordination Center are alerting organizations to a global cyberattack using a hidden back door or “trojanized” legitimate updates to the SolarWinds Orion performance monitoring platform to access public and private networks.

The attacks then retrieve and execute commands that can transfer and execute files, profile the system, reboot the machine and disable system services. For more on the cyber campaign, see the related advisories by SolarWinds and cybersecurity company FireEye and visit FireEye’s GitHub page for detection countermeasures.

“The SolarWinds update compromise, combined with the related breach of FireEye hacking tools last week, greatly accelerates the cyber risk to every organization in every sector,” said John Riggi, AHA’s senior advisor for cybersecurity and risk. “It is important to note that the corrupted SolarWinds Orion platform updates were released between March and June 2020 and a patch is not yet available to mitigate the full extent of the compromise. Organizations running SolarWinds should consider isolating any related infrastructure and block all internet access from servers and devices running SolarWinds software.” 

For more on this and other cybersecurity and risk issues, hospital and health system leaders may contact Riggi at jriggi@aha.org.

Related News Articles

Headline
Agencies issue advisory on updated tactics by Play ransomware group
The FBI, Cybersecurity and Infrastructure Security Agency and Australian Cyber Security Centre June 4 released an advisory on updated actions and tactics used…
Headline
Agencies release guidance on AI data security 
The National Security Agency, Cybersecurity and Infrastructure Security Agency and international partners May 22 released guidance on securing data used for…
Headline
Russian state-sponsored cyber actors targeting tech companies, others 
The FBI, along with the National Security Agency and other international cybersecurity agencies, this week released a joint agency advisory on cyber operations…
Headline
FBI warns of cyber actors exploiting end-of-life routers
The FBI's Internet Crime Complaint Center released an alert May 7 warning of cyber actors exploiting vulnerabilities in end-of-life routers. Routers dated 2010…
Headline
FBI warns of malicious text, voice-messaging campaign impersonating senior U.S. officials
The FBI’s Internet Criminal Complaint Center May 15 released an alert warning of a malicious text and voice messaging campaign involving impersonators…
Headline
AHA blog — 3 Must-know Cyber and Risk Realities: What’s Ahead for Health Care in 2025 
In his latest AHA Cyber Intel blog, John Riggi, AHA national advisor for cybersecurity and risk, examines the state of cyber and physical threats in 2025 as…