SANS Emergency Webcast: What you need to know about the SolarWinds Supply-Chain Attack

  • Webcast Aired Monday, 14 Dec 2020 5:00PM EST (14 Dec 2020 22:00 UTC)
  • Speaker: Jake Williams

On Dec 13, 2020, SolarWinds, an IT company that creates software for network management, stated they were investigating an incident that appears to be the product of a 'highly-sophisticated, targeted and manual supply chain attack by a nation-state.' SolarWinds said they are in contact with the FBI and that a vulnerability which existed until the March-June 2020 timeframe was leveraged to take advantage of their Orion software product.

The attack is a supply-chain based attack in which the adversary can leverage the software's update mechanism. The SolarWinds attack has been linked to the Treasury Department and FireEye compromises at this time.

Information is being released continuously by those investigating the incidents across the thousands of organizations that use SolarWinds, including governments, militaries, and commercial entities around the world.

As indicators of compromise continue to be released, organizations and their incident response teams should prioritize hunting for adversary behaviors and Tools, Techniques, and Procedures (TTPs) associated with their SolarWinds installs, as that platform could be leveraged as a launching point into their organization.

Participants will learn about:

  • The latest information regarding the SolarWinds incident and the mechanics of the supply chain attack.
  • Any known detection mechanisms, including IoCs, that have been released at this point.
  • How the incident could impact organizations that use SolarWinds and where to begin investigations.