The recent breaches making headlines is a stark reminder that no organization is immune to cyberattacks. We firmly stand by FireEye and SolarWinds and commend them for their transparency and rapid response to help minimize impact to those affected. Like us, they fight the good fight.
Unfortunately, threat actors believed to be state-sponsored and highly capable, launched an attack against SolarWinds’ supply chain resulting in wide deployment of malware tied to an update of the company’s Orion IT monitoring platform. Another attack, this time targeting cybersecurity vendor FireEye allowed hackers to get away with the company’s red teaming tools used for security testing exercises, that also could be used to hack systems when in the wrong hands.
As details continue to emerge about potential repercussions, Bitdefender wants to ensure customers and partners that its products, services and technologies have not been compromised. Bitdefender Labs, threat intelligence and research team have taken several proactive steps to help ensure its key stakeholders remain protected from any potential fallout now and in the future.
Those actions include the following:
- Bitdefender Labs has been working around the clock updating our technologies including antimalware engines and detect and response solutions to identify the leaked FireEye tools and any of their associated behaviors.
- Our threat hunters are leveraging the latest threat intelligence and indicators of compromise associated with the attacks to proactively protect customer environments.
- We have launched our own investigations including reverse engineering of the malware and backdoor samples collected from these attacks and will share any new findings with law enforcement and the greater cybersecurity community.
Measures Bitdefender took to ensure its internal operations were not impacted:
An audit of our suppliers, partners, contractors and outsourcers concluded SolarWinds solutions are not incorporated into any products or services we procure.
Although Bitdefender does not use any SolarWinds solutions in its operations, a thorough systems check concluded no indication of compromise from the attack.
We have hardened our environment against specific techniques used in this attack and will continue to fortify through evaluations and tabletop exercises as new information becomes available.
Attacks targeting supply chains are some of the most complicated to mitigate against because usually the threat actors penetrate the environment and tamper with the company’s continuous integration processes, including digital trust and delivery of compromised software updates.
To help businesses strengthen resiliency against supply chain attacks, our security team recommends the following:
- Perform a thorough risk assessment to identify potential security gaps and weaknesses across your entire supply chain at least once a year.
- For organizations that develop software, implement software procedures that require validation through multiple reviews before new code reaches production.
- For organizations with production software environments as part of their core business, incorporate periodic security testing that looks for anomalous processes and network traffic behaviors in addition to classic application bugs.
Be assured we will continue to support our customers, partners and the security community the best we can from threat actors who work tirelessly to steal data, extort and cause harm.