It has been reported that Russian State Actors, known as Cozy Bear or APT29, have compromised the SolarWinds Orion Network Monitoring Platform. This attack was carried out to infiltrate several US Government Agencies and was also used to exploit the cybersecurity vendor FireEye. You may be wondering what impact this will have on your organization and what your nonprofits response options to the SolarWinds incident are.
From the initial reports, it appears that the impact is limited to the Orion Monitoring system. Community IT does not use this specific software. Community IT uses SolarWinds N-Central platform as its monitoring system. At this time, it appears this product has not been impacted by this attack.
If you do not know whether your organization is using Orion platforms for cybersecurity or which product you are using, check with your IT department or MSP provider for more details.
SolarWinds has released this security advisory and list of impacted platforms.
Due to the sophistication of the attack and potential severity of the impact, Community IT has implemented its security incident response plan and is in touch with SolarWinds, the FBI and our Cyber Incident vendor to ensure that we have determined what, if any, exposure that we have to this supply chain attack.
Your IT team should be deciding with your executive team to determine if you have exposure and what response to make.
We’ll share updates as we have them. At this point because we do not use the Orion Platform or serve Government clients, the CISA directive to shutdown the Orion Management Products does not apply to our systems. We’ll be closely monitoring the situation and will take the appropriate actions to ensure the integrity and security of our systems.
Additional Notes
FireEye has released an initial write up of how the Orion platform has been exploited by leveraging the solarwinds supply chain and compromising it.
Microsoft has released updated guidance on the recent cyberattacks.
Ready to reduce your nonprofit cybersecurity risk?
At Community IT Innovators, we’ve found that many nonprofit organizations deal with more cybersecurity risks than they should have to. As a result, cyber damages are all too common. Whether at a third party vendor or a phishing or ransomware attack on your own organization, you need to be prepared for cybersecurity risks and understand the SolarWinds incident nonprofits response options.
Our process is different. Our techs are nonprofit cybersecurity experts. We constantly research and evaluate new technology solutions to ensure that you get cutting-edge solutions that are tailored to keep your organization secure. We published our Nonprofit Cybersecurity: a Guide for 2020 to help our community understand the issues. And we ensure you get the highest value possible by bringing 25 years of expertise in exclusively serving nonprofits to bear in your environment.
We regularly present webinars at Community IT about cybersecurity issues, including a popular webinar on cybersecurity insurance options.
If you’re ready to gain peace of mind about your cybersecurity, let’s talk.