Bitdefender’s Response to Fire Eye and SolarWinds Breaches and Recommendations for Organizations

“No organization is immune to cyberattacks”

An attack was recently launched against Solarwinds’ supply chain resulting in wide deployment of malware tied to an update of the company’s Orion IT monitoring platform. Another attached targeted another cybersecurity vendor FireEye allowing hackers to get away with the company’s red teaming tools used for security testing exercise, that also could be used to hack systems when in wrong hands.

Gigasec firmly stand by FireEye and SolarWinds and commend them for their transparency and rapid response to help minimize impact to those affected. Like us, they fight the good fight.

As details continue to emerge about potential repercussions, Gigasec and partners (Bitdefender) wants to ensure customers and partners that its products, services and technologies have not been compromised.

Bitdefender Labs, threat intelligence and research team have taken several proactive steps to help ensure its key stakeholders remain protected from any potential fallout now and in the future.

Those actions include the following:

• Bitdefender Labs has been working around the clock updating our technologies including antimalware engines and detect and response solutions to identify the leaked FireEye tools and any of their associated behaviors.
• Our threat hunters are leveraging the latest threat intelligence and indicators of compromise associated with the attacks to proactively protect customer environments.
• We have launched our own investigations including reverse engineering of the malware and backdoor samples collected from these attacks and will share any new findings with law enforcement and the greater cybersecurity community.

Measures Bitdefender took to ensure its internal operations were not impacted:

• An audit of our suppliers, partners, contractors and outsourcers concluded SolarWinds solutions are not incorporated into any products or services we procure.
• Although Bitdefender does not use any SolarWinds solutions in its operations, a thorough systems check concluded no indication of compromise from the attack.
• We have hardened our environment against specific techniques used in this attack and will continue to fortify through evaluations and tabletop exercises as new information becomes available.

Attacks targeting supply chains are some of the most complicated to mitigate against because usually the threat actors penetrate the environment and tamper with the company’s continuous integration processes, including digital trust and delivery of compromised software updates.

To help businesses strengthen resilience against supply chain attacks, our security team recommends the following:

• Perform a thorough risk assessment to identify potential security gaps and weaknesses across your entire supply chain at least once a year.
• For organizations that develop software, implement software procedures that require validation through multiple reviews before new code reaches production.
• For organizations with production software environments as part of their core business, incorporate periodic security testing that looks for anomalous processes and network traffic behaviors in addition to classic application bugs.

Be assured we will continue to support our customers, partners and the security community the best we can from threat actors who work tirelessly to steal data, extort and cause harm.

Contact Gigasec today to build a comprehensive IT Risk Management Program today. info@gigasecintl.com | 0815 444 2732

Reference: Bitdefender