Solarwinds is a 21-year old publicly traded monitoring and network management vendor with 300,000+ customers across the world. It’s familiar to IT operations and monitoring teams across enterprises big and small. And this week, it found itself in the news for all the wrong reasons.

Confidentiality, integrity and availability are the three basic laws of security. Availability is a kind of wayward son who becomes prodigal when he likes to, even if it is just to write eulogies with it when the systems go down, although the truth is that it is the most neglected out of the three of them and perhaps that is why monitoring has become more approached for what it may come from outside than what it is inside.

Flowmon Anomaly Detection System from Kemp now contains Indicators of Compromise (IoC) for the SUNBURST trojan specifically. Users of the Flowmon network detection and response (NDR) tool can check if they are under attack and set up measures to detect SUNBURST. This December, the world shook at the news of several US government bodies falling victim to a highly sophisticated attack.

On Saturday, December 12, our CEO was advised by an executive at FireEye of a security vulnerability in our Orion Software Platform which was the result of a very sophisticated cyberattack on SolarWinds. We soon discovered that we had been the victim of a malicious cyberattack that impacted our Orion Platform products as well as our internal systems.

The news of the “Sunburst Backdoor” malware delivered via SolarWinds Orion software has organizations choosing to shut down Orion to protect themselves. This includes several U.S. government organizations following the recent CISA guidance. If you are considering a similar response in your own environment, a critical next step is quickly restoring the lost visibility to the health and operations of your infrastructure.

The global security community recently learned of a supply chain attack against SolarWinds via their Orion® Platform. In this blog we are providing recommendations for Sumo Logic customers to gain a deeper understanding of how to utilize available Indicators of Compromise (IOCs) within our Cloud SIEM offerings to determine your exposure to the attack. Additionally, we’re sharing targeted search recommendations from our Sumo Logic Special Operations (or SpecOps) threat hunting team.

On December 13, SolarWinds released a security advisory regarding a successful supply-chain attack on the Orion management platform. The attack affects Orion versions 2019.4 HF 5 through 2020.2.1, software products released between March and June of 2020. Likewise, on December 13, FireEye released information about a global campaign involving SolarWinds supply-chain compromise that affected some versions of Orion software.

Managed service providers (MSPs) face ransomware, malware, and other cyber attacks — and these issues can affect both MSPs and their clients. To understand the full impact of an MSP cyber attack, let’s examine the topic in more detail. Businesses use MSPs to manage IT infrastructure and other resources. In doing so, businesses outsource the maintenance and care of applications, networks, security, and other aspects of their IT operations to a third-party.

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week we explore how credential stuffing attacks are evolving and why they pose a greater threat than meets the eye. Credential stuffing is perhaps the simplest form of cyberattack, but it continues to make headlines despite its lack of sophistication. It has become the attack method of choice for cybercriminals primarily because of its high success rate and ROI.

It’s always in the early dawn hours – an SMS alert on your phone forces you to drag up your eyelids and look at a text: your site traffic has surpassed its usual threshold. You start to run through the possibilities as you drift off in search of a few more minutes of sleep but traffic keeps rapidly increasing and your brain jumps to a conclusion…could it be a DDoS Attack?