The supply-chain attack on the SolarWinds network management software, Orion, which came to light in mid-December, has had far-reaching impact on government and private sector organizations. Please see the advisory from the Cybersecurity & Infrastructure Security Agency (CISA) for more information on the breach.
Within 24 hours of the breach notification, SilverSky began taking action, much of which is ongoing as new indicators of compromise (IOCs) are provided.
- The SilverSky SIEM team built new detection rules based on the provided IOCs. New IOCs are being added as more details on the compromise are discovered, and SilverSky has continued to monitor and deploy new detection rules as they are provided.
- The SilverSky SOC has scanned historical logs for the IOCs since March and found no activity related to the breach. We have conducted scans for the Sunburst and Supernova vulnerabilities and increased security event monitoring to try to identify whether any horizontal or lateral movement is present.
- SilverSky Operations performed ongoing emergency maintenance as updates from SolarWinds were made available to ensure all instances are running recommended versions. We have implemented all necessary updates as of today.
Our current analysis shows that SilverSky has no indication of compromise. We continue to follow SolarWinds and the Cybersecurity & Infrastructure Security Agency (CISA) for the latest details.
Frequently Asked Questions
(last updated 3/8/2021)
Does SilverSky use ANY SolarWinds Orion Software?
Yes, SilverSky uses SolarWinds for the management and monitoring of devices.
Has SilverSky found any indication of compromise?
We have scanned historical logs dating back to March 2020 and have identified no indication of compromise. We continue to scan for any newly identified IOCs related to this breach.
Has SilverSky worked through the suggested remediation steps of CISA and SolarWinds?
Yes. We have installed all patches provided by SolarWinds and updated to the latest version (2020.2.4) as of March 5, 2021.
Has any customer data been exposed as a result of this vulnerability?
No customer data handled by SilverSky has been exposed. We continue to monitor this as more IOCs are identified.
Has SilverSky verified with all vendors and service providers whether they use any of the affected SolarWinds products?
Yes, SilverSky is actively working with our supply chain to identify whether they use any of the affected SolarWinds products and to determine whether the remediation steps being taken are in line with what has been advised by CISA and SolarWinds.