Our Response to the SolarWinds Breach
I’m addressing this note to our clients to specifically highlight this week’s cyber breach that you are hearing about in the news.
It’s bad! But we were NOT infiltrated.
DataTrends stopped using Solarwinds products about 5 years ago and we removed its agents from all of our customers’ systems and powered down our Solarwinds servers. So rest assured, you are not part of the 17,000 firms that got automatic updates from the Solarwinds Orion platform (at least not through us!)
Unfortunately, FireEye, a cyber security firm, was infiltrated and some of their most sophisticated tools were taken. These tools can be used for very in-depth hacking.
On Dec. 18th, 2020 we deployed a tool kit that specifically scans for the FireEye tool set and ran it against our systems and verified that we are in a clean state. Today, we added that tool kit to our ProAssist platform and we are actively scanning all of our customers’ systems in the background. If you are a ProAssist customer of ours, you are already being scanned and monitored going forward. If you are not a ProAssist customer (you buy equipment or licensing through us but we don’t monitor your equipment) you can email our helpdesk, email@example.com, and request a scan.
Microsoft was another company that received the hacked Solarwinds Orion update. They released a statement last night: “Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.”
So far, the bulk of the attack is directed at government facilities and tech companies. But do not let your guard down. Remind your employees that ANYTIME an email is asking for you to login to something, that is a RISK. A link in an email that is asking you to login to your Microsoft account should be assumed BAD until proven good! Your login credentials are precious and should not be shared. Hackers and bad actors are getting rich off of cheating their way into your data environment. Do not help them. Just because it says Microsoft, does not mean it came from Microsoft! Microsoft will not call you to tell you that you have been infected.
I have shared the link in the photo above to the Microsoft Blog that goes into great detail on the Solarwinds & FireEye breaches. It will not ask you to login or identify yourself. If it does, please close it and let us know so we can report it.
If you have any questions regarding this breach or would like to discuss your data security further, please do not hesitate to contact our team. We wish you all a safe weekend and thank you for your time.
Kevin Dunn, CEO