September 27, 2021

Volume XI, Number 270

Advertisement

September 24, 2021

Subscribe to Latest Legal News and Analysis
Advertisement

Five Things to Do in Response to the SolarWinds Compromise

The recent hack against FireEye and the U.S. Treasury and Commerce Department affected SolarWinds software for other clients as well (not limited to the U.S. government). SolarWinds has confirmed a cyberattack to its systems inserted a vulnerability within the SolarWinds® Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix, and 2020.2 HF 1 (see the SolarWinds Advisory if unsure which version you use). If your organization uses these products, prompt action may be needed to identify and mitigate potential security implications. Some SolarWinds customers have already received notice directly from SolarWinds that the products their organization uses were not affected by the incident and no action is required. Otherwise, we recommend the following mitigation steps, along with review of the advisories from SolarWinds and FireEye also provided below: 

  1. Disconnect from the internet all Orion products for versions 2019.4 HF 5 and 2020.2 with no hotfix or 2020.2 HF 1 and update your versions as noted in the SolarWinds security advisory

  2. Identify and block all traffic to and from external sources where Orion software is installed

  3. Remove exemptions for Orion software file directories in your organization’s antivirus software and scan your systems

  4. Identify threat-actor controlled accounts and remove those accounts

  5. Continue monitoring systems for other suspicious activity and read updated advisories as more information about the attacks is discovered and released

Copyright © 2021 Womble Bond Dickinson (US) LLP All Rights Reserved.National Law Review, Volume X, Number 350
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Tara Cho CIPP/US CIPP/E Data Security Attorney Womble Bond
Partner

Tara focuses her practice on privacy and data security issues across multiple industries such as technology, retail, e-commerce, and life sciences, with an emphasis on compliance risks and regulatory requirements affecting the healthcare sector. Tara became certified as a legal specialist in Privacy and Information Security Law by the North Carolina State Bar Board of Legal Specialization in 2018 as part of the inaugural class of specialists in this field – one of just 10 attorneys in the state to hold this certification.

She helps clients with all aspects of privacy and data...

919-755-8172
Taylor Ey, Intellectual property attorney, Womble Carlyle, Law Firm
Associate

Taylor is an associate in the Intellectual Property Practice Group in Womble Carlyle’s Research Triangle Park Office.

Education

J.D. | 2016 | Wake Forest University School of Law | cum laude | Notes and Comments Editor, Wake Forest Law Review, 2015-2016 | Teaching Assistant, Legal Analysis, Writing and Research I & II, Writing for Judicial Chambers

M.S. |2012 | The Ohio State University | Biomedical Engineering

B.S. | 2011 | The Ohio State University | Biomedical Engineering | Minor, Life Sciences | cum laude

919-484-2306
Advertisement
Advertisement
Advertisement