SolarWinds’ Attack – Exposed Orion Platforms Are Still Out There

SolarWinds’ Attack – Exposed Orion Platforms Are Still Out There

Share:

Share on linkedin
Share on facebook
Share on twitter

The SolarWinds supply chain attack is one of the most sophisticated cyber attacks the world has witnessed in recent years.

While this incident has been known for almost 3 weeks now, as of December 30th 2020 there were still 930 exposed services running SolarWind’s Orion Platform of which 61% were still running vulnerable unpatched Software versions.

The below chart illustrates the various unpatched software versions and the corresponding number of exposed Orion platforms discovered by Reposify’s Attack Surface Management platform.

Exposed-Orion-Platforms-Discovered-by-Reposify

WHAT ARE THE RISKS?

SolarWinds’ Orion Platform includes 12 different modules which according to SolarWinds’ website deliver a “scalable infrastructure monitoring and management platform designed to simplify IT administration”.

By gaining access and control over these modules, attackers could have easily carried out various activities to enable easy access into your internal networks and/or leave backdoors that they can use at a later stage.

DID YOUR ORGANIZATION INSTALL THE COMPROMISED SOLARWINDS SOFTWARE UPDATE?

If so, there are various auditing steps which you must carry out as soon as possible to discover and remove any exposures or entry weak points that attackers might have created in your attack surface.

Special focus areas for examination should include:

  • Firewalls, Routers & Switches: Ensure configurations are meeting your policies.
  • Remote Access Services: Ensure your RDP panels are not exposed, VPN are patched and proper authentication and MFA are in place
  • Cloud Assets: ensure no assets are missing and verify that access management settings are properly configured

HOW CAN REPOSIFY HELP?

Not sure if your organization might have been affected by this attack?
Want to discover if any of your subsidiaries are using SolarWinds’ Orion platform?

Contact our cyber experts today to get a comprehensive analysis of your external attack surface to discover any unknown exposures, misconfigurations and vulnerabilities that attackers might be able to exploit.

Uncover My Exposures

IMPORTANT LINKS:

New call-to-action

Reposify is an attack surface management platform delivering autonomous 24/7 discovery of exposed assets across all environments and the supply chain. Leading enterprises worldwide use Reposify to gain unparalleled visibility of their internet-facing assets and actionable security insights for eliminating shadow IT risks in real-time

Share:

Share on linkedin
Share on facebook
Share on twitter

Ready to discover your External Attack Surface?

Read Next

What You Need to Know About Shadow IT

Organizations see an unprecedented increase in the appearance of shadow IT over the past few years. What are the main security risks and financial implications you should prevent?

Common Methods of Cyber Attacks – as Told by the Attackers

While there are many different ways attackers can access your IT systems, most cyberattacks rely on similar techniques. Read about some of the most common methods of cyber-attacks - from the attacker's point of view. 

Cybersecurity metrics that every CISO should monitor to mitigate risk

There are many ways to keep your assets secure, but building a foundation and mapping your assets to protect your external attack surface as the first line of defense is a solid start.