SolarWinds is a well-respected organization, and many organizations utilize their products. Not enough details are known to discredit their organization. Clearly, attackers see them as valuable enough to use as an infection vector.

This is called a supply chain attack because bad actors use a trusted product in an organization’s supply chain to attack the organization. A similar well-publicized attack happened with a popular tool, with many benefits, called CCleaner. The attackers successfully compromised 2.3 Million PCs.

The CCleaner supply chain attack is an illustration of dwell time. Attackers waited five months from the time they gained access to CCleaner before they launched the attack on CCleaner users. Many computers were safe, but not 2.3 Million of them.

Remember: Just because your organization fixes a vector through which the infection came does not eliminate damage already done. As an analogy, if you were the king or queen of a castle, and you found that attackers entered your castle walls to attack your city, raising the bridge over your moat does not eliminate the attackers who already made it inside.

Supply chain attacks are one of many reasons to eliminate as much software as possible at your organization. If a program is not essential, remove it asap. SolarWinds is vital for many organizations.

Please forward this to your friends so they can alert their IT departments to address this situation, and know to remove all non-essential software from all computers.

The post Emergency Update if Your IT Team Uses SolarWinds Products, and How to Protect Against Supply Chain Attacks appeared first on Foster Institute.

Second, attackers will target, more than ever before, organizations who store protected health information. If you are in healthcare, or even if your company name makes it sound like you are in healthcare, ramp up security to unprecedented levels and have a plan of what to do when you are breached.

Third, more attackers will use trusted security software as a vector to infect networks. Attackers already infected the program called C-Cleaner, used by millions of people to, among other things, speed up slow Windows computers. C-Cleaner is a very useful, and trusted, security program. Unfortunately, this tool became a powerful attack tool when attackers took over the update server. What program, one that you trust, will attackers take over to use as a vector to hack your computer?

Please forward this to your friends who can be on the lookout too.

The post Three Serious Trends to Watch Out for in Cyber Security appeared first on Foster Institute.

Every program that you install on your computer is a potential security risk.

CCleaner may be installed on your computers, right now, by well meaning, qualified, IT professionals who care about you and your organization. It is a powerful tool with many beneficial features. Yet it has been hacked.

It will not help you to invest energy being angry at your in-house, or outsourced, IT professionals, or to be angry at the developer of CCleaner. They mean well and are using their skills to protect you and your company. CCleaner has undoubtedly added a great deal of value to the world by speeding up computers and removing malware. At some point, IT professionals have to trust that some programs are secure.

But their trust is exactly what attackers are counting on.

What you, as an executive, must do is to ask your IT team for a list of all programs installed on your network. Ask IT to uninstall all programs, that you, with their input, decide are not absolutely essential for you to use to serve your employees and customers. Do not burden them with making that decision on their own.

You owe that to your customers who trust you with their information.

You may decide to stick to using programs from well known and vetted companies, although that is no guarantee that the program is safe. Any program that is installed by millions of users becomes a target for attackers to use as a vector into your organization’s computers.

If you use CCleaner, uninstall it. Know that some of your data, perhaps whole computers, have been compromised. You can read their official announcement here: https://forum.piriform.com/index.php?showtopic=48869

Know that uninstalling software does not remove the malicious code imbedded in your computer. And don’t count on your anti-virus to find the code. Attackers know how to hide malware from anti-virus programs. The best thing to do would be to rebuild the computers from scratch. Hackers are counting on the fact that your IT Pros do not have time to reload each computer. Ask your IT Pros if they have time. Either free up some of their time so they can perform the reload, or bring in an outsourced company to help, or choose to accept the risk and go on. That’s a decision for the executives to make. Using a technology called VDI makes the reinstallation process much easier.

If you want to continue to use CCleaner, if there is an executive level decision that the risk is worth the benefit, then you can ask IT to re-install the newest version.

Forward this to every executive you know. Tell them about this crisis, and how they must be involved in identifying all non-essential programs, so that IT can uninstall them.

The post Your Software, such as CCleaner, May Have Backdoors appeared first on Foster Institute.