The recent SolarWinds hack has left several companies and government agencies reeling in their wake having caused widespread chaos and panic. Following up from this, the Cybersecurity and Infrastructure Security Agency (CISA) has updated its official guidance for dealing with the impacts of this attack.
The CISA in its latest guidance has advised all US government agencies using the SolarWinds Orion platform to update to the latest version, 2020.2.1.HF2 before the start of 2021.
The CISA has taken a very hard stance in this scenario by stating that agencies that are unable to upgrade by then should take all the Orion systems offline.
We issued V2 supplemental guidance to Emergency Directive 21-01. @NSAgov verified version 2020.2.1 HF2 of SolarWinds Orion eliminates previously identified malicious code. Agencies using non-affected versions must update to the new version: https://t.co/b05xszsVTp pic.twitter.com/xdbSM9U3Oo
— Cybersecurity and Infrastructure Security Agency (@CISAgov) December 30, 2020
CISA has asked the agencies to act at a rapid pace since the fallout from the attack has the potential to snowball into something huge.
The attack had exploited a major vulnerability that allows attackers to bypass Orion API’s authentication and execute code remotely thus gaining complete access.
Supernova malware was being installed in the Orion run ..
Support the originator by clicking the read the rest link below.
