On December 8th, it was announced that FireEye, a leading security consultancy, had been the victim of a sophisticated hack that had led to the exfiltration of numerous tools used to test, and potentially exploit, security vulnerabilities. As the investigation unfolded in the following days, it was revealed that the attack originated through the SolarWinds Orion network management platform, which is widely used by commercial and government customers, including FireEye.
At this time, it appears the hackers were able to exploit a weak password on the Orion software update server to upload a malicious executable that installed a backdoor into any environment that installed the affected Orion update. IE is a partner of both FireEye and SolarWinds, and has worked diligently to understand and mitigate the risk of these exploits for our customers since they were announced. IE will continue to look for and implement official recommendations to ensure the utmost safety for our customers and we urge all companies and consumers to do the same.
IE has always advocated for our customers to implement and enforce policies for complex passwords. This unfortunate situation clearly demonstrates the potential scope and damage that can occur from just a simple exception to such a policy. While no organization can ever be entirely free of security risks, much can be done to limit exposure in advance of a malicious actor attempting to exploit your organization. If you have concerns about security risks that may exist in your organization, please contact your IE account manager to discuss our security consulting and advisory services, which are designed to help organizations find and mitigate risks before they are exploited.
For further information, please refer to https://us-cert.cisa.gov/ncas/alerts/aa20-352a