Cyber attacks are more common than ever in our internet-driven world. Our approach to cybersecurity utilizes a 360° view that includes people, processes, and technology. 

WHAT THE SOLARWINDS BREACH MEANS TO YOU

You may have read about the recent breach at the network management software firm, SolarWinds, where malicious code was pushed to nearly 18,000 customers. SolarWinds acknowledged that hackers had inserted malware into a service that provided software updates for its Orion platform, a suite of products broadly used across the U.S. federal government and Fortune 500 firms to monitor the health of their IT networks.

If you are wondering whether your company needs to protect itself, your security partner should be able to help you with the following:

  • Understand which machines have the SolarWinds Orion Application installed on them and view all applications that were found in the last 90 days.
  • Block all traffic to and from hosts that have SolarWinds Orion installed, as CISA and FireEye have recommended, and monitor your network traffic for anomalies.
  • On 12/15/20, CISA recommended that organizations “Forensically image system memory and/or host operating systems hosting all instances of SolarWinds Orion versions 2019.4 through 2020.2.1. Analyze for new user or service accounts, privileged or otherwise.” 
  • Scan your entire server environment for secondary memory-only remote access tools (RATs) like Cobalt Strike.
  • Check Orion management servers for .NET web shells (SUPERNOVA).
  • Ensure you are conducting host-based behavior monitoring by enabling real-time monitoring. Look for PowerShell activity and one-to-many administrative connections coming from Orion servers or servers in their local subnet.
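
As an added illustration (not UHY Consulting's tooling), the Python sketch below combines two of the checks above: scoping an inventory to the Orion version range quoted from CISA, then flagging one-to-many administrative connections from those servers or their subnet. The inventory and connection records are constructed; the field names, the administrative port list, the fan-out threshold, the /24 subnet size and ignoring hotfix suffixes are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Range quoted from the CISA guidance on this page; hotfix suffixes are ignored (assumption).
AFFECTED_MIN, AFFECTED_MAX = (2019, 4), (2020, 2, 1)
# Assumptions: which ports count as "administrative" and the fan-out threshold.
ADMIN_PORTS = {135, 445, 3389, 5985, 5986}  # RPC, SMB, RDP, WinRM
FANOUT_THRESHOLD = 3

def parse_version(text):
    """'2020.2.1 HF 1' -> (2020, 2, 1); None when no dotted version leads the string."""
    m = re.match(r"\s*(\d+(?:\.\d+)+)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def orion_hosts_in_scope(inventory):
    """Return {ip: version} for Orion installs inside the affected range."""
    hits = {}
    for row in inventory:
        v = parse_version(row["version"])
        if "orion" in row["app"].lower() and v and AFFECTED_MIN <= v <= AFFECTED_MAX:
            hits[row["ip"]] = row["version"]
    return hits

def admin_fanout(conns, orion_ips, prefix=24):
    """Flag Orion servers, or hosts in their subnet, reaching many hosts on admin ports."""
    nets = [ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in orion_ips]
    targets = defaultdict(set)
    for src, dst, port in conns:
        if port in ADMIN_PORTS and any(ipaddress.ip_address(src) in n for n in nets):
            targets[src].add(dst)
    return {s: sorted(d) for s, d in targets.items() if len(d) >= FANOUT_THRESHOLD}

# Constructed sample data (not from any real environment).
INVENTORY = [
    {"ip": "10.1.5.10", "app": "SolarWinds Orion Platform", "version": "2020.2.1 HF 1"},
    {"ip": "10.2.0.7", "app": "SolarWinds Orion Platform", "version": "2019.2"},
    {"ip": "10.1.5.20", "app": "Backup Agent", "version": "2020.1"},
]
CONNS = [  # (source, destination, destination port)
    ("10.1.5.10", "10.9.0.1", 445), ("10.1.5.10", "10.9.0.2", 5985),
    ("10.1.5.10", "10.9.0.3", 3389), ("10.1.5.10", "10.9.0.3", 445),
    ("10.1.5.20", "10.9.0.1", 443), ("10.2.0.7", "10.9.0.4", 445),
]

if __name__ == "__main__":
    in_scope = orion_hosts_in_scope(INVENTORY)
    print("In-scope Orion hosts:", in_scope)
    print("Admin fan-out:", admin_fanout(CONNS, in_scope))
```

A flagged source is a lead for the forensic review described above, not proof of compromise; legitimate management servers also connect to many hosts.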

Remember, having Orion isn’t confirmation that your data and network were breached. It simply means the actors had the opportunity. With tens of thousands of targets, it’s likely they ranked those networks to execute against the best targets first.

UHY Consulting can conduct fast and cost-effective threat assessments

Our threat assessments are conclusive, cost-effective, and fast -- often completed within days without additional hardware or expensive contracts.

By leveraging built-in automation tools, UHY Consulting’s threat assessments are completed much faster than those performed manually using traditional security monitoring and incident response solutions. Our process includes:

  • Configure and deploy UHY Consulting tooling within minutes via one of several agent-less options.
  • Enumerate workstations, systems, and servers (physical or virtual) on your network.
  • Inspect host memory across your endpoints, pulling live and historical forensics data.

UHY Consulting is able to enrich primary forensics data with multiple sources of threat intelligence to prioritize the threats, risks and vulnerabilities resident in your environment. We also run independently of your existing endpoint security infrastructure, avoiding potentially compromised detection rules.

No one should go through a breach alone. Contact UHY Consulting today at 630-288-6992 or cyber@uhy-us.com.

©2021 UHY LLP. ALL RIGHTS RESERVED.