The recent supply chain attack on SolarWinds deployments, dubbed “Sunburst,” will have a ripple effect around the world for many months to come. The success of this malware attack gave threat actors wide-ranging access to both corporate and governmental information systems. The attack was very sophisticated and used many advanced techniques to gain a foothold and remain persistent within the compromised environment, including the deployment of additional backdoors, some of which may still be undiscovered.
Masergy’s advice: Assume the worst and monitor diligently. Because this attack can fully compromise Active Directory, which includes exposure of the passwords stored or cached on those systems, organizations should assume they were compromised. It is imperative to actively monitor for the “Sunburst” indicators of compromise (IOCs) even when no compromise has been confirmed; this should be performed as a precaution. It is very possible that this threat actor gained a foothold within a given environment before the threat was detected, has since established persistence within the network, and has hidden its tracks along the way.
The IT environments of all Masergy security customers are being actively monitored for all known activity associated with the “Sunburst” attack, which includes monitoring for the use of all file hash IOCs. This includes monitoring for the existence of the backdoor payloads deployed with this attack called “TEARDROP” and “CobaltStrike BEACON.”
Additional recommendations
In addition to monitoring for Sunburst, Masergy recommends that organizations take a number of steps that go beyond basic security architecture best practices to reduce future risk, including:
Defense in depth is still a critical piece of the security puzzle. Ensuring multiple protections operate in parallel and have the ability to work together to identify and prevent attacks in real-time is essential. Masergy stands ready to help companies strengthen their security posture at this critical time.
Existing clients with questions or concerns should contact their account managers or Masergy’s security support center at 972-980-1932 or email@example.com.