The SolarWinds Breach: How to Protect Yourself from Similar Data Theft
15 Jun 2021
Data protection is paramount to all corporations. By managing your IT assets and staying on top of your IT security, your company can protect itself from data breaches and mitigate cybersecurity threats.
One way you can improve your company’s data protection is by taking note of other corporations that have come under attack from cybercriminals. Never let your corporation get complacent regarding a breach of data. These attacks can be catastrophic for your company’s, clients’ and employees’ sensitive data, as well as your reputation.
A recent data breach that you can learn from is the SolarWinds breach, which has been named the ‘Pearl Harbour of American IT.’ Read on to find out how their data was accessed and the best practice for scrubbing potentially compromised IT assets.
Please note, this article does not aim to review the methods used to infiltrate SolarWinds’ Orion program and its clients’ data. This article has been created with the sole purpose of discussing the reuse and reallocation of compromised IT assets.
Remediating IT Assets Corrupted by the SolarWinds Breach
SolarWinds is an American company, headquartered in Texas, that develops software for managing network and information technology infrastructure. In December 2020, it had 300,000 customers, including nearly all Fortune 500 companies and numerous federal agencies; to say they were a respectable corporation is an understatement.
However, despite their prestige and reputation in the industry, SolarWinds’ Orion network monitoring program was recently hacked. Cybercriminals gained critical entry to over 18,000 government and private networks, leading the attack to be referred to as the ‘Pearl Harbour of American IT.’
Specifically, the attackers infiltrated the update server of the Orion program. With this access, the perpetrators were able to appropriate user IDs, passwords, financial records, source code, and anything else located on these networks (WhiteCanyon). The hack was extremely damaging to all levels of the US government, with the Cybersecurity and Infrastructure Security Agency (CISA) calling the incident a ‘grave risk.’
The Infiltration and Compromised Architecture
When the hackers infiltrated the system, they introduced multiple vulnerabilities into the targeted networks. The extent of the attack is still being analysed. Consequently, it is unknown whether all IT assets within the affected organisations are now compromised or whether there are backdoors in place throughout the devices.
What we do know is that it is safe to assume that all systems have been compromised. Necessary steps must now be taken to mitigate additional exposure and rebuild all victims’ networks.
Reallocating Assets and Rebuilding Networks
Compromised IT assets can include anything from servers and SANs to workstations and other IT assets. Mobile devices can also be included in these attacks; however, this has not yet been confirmed.
The reallocation of IT assets and the rebuild of the network is a monumental task. If you find yourself in this unfortunate position, we have put together recommended software that will help you properly sanitise all IT assets before redeploying them in a new network.
The drive erasure on each device can be performed by a multitude of erasure products and OEM tools. We recommend WipeDrive Enterprise for data erasure because of its certifications with the Department of Homeland Security, HIPAA, ADISA, and Common Criteria.
WipeDrive will perform the erasure pattern required by your regulatory body, whether this is the DoD 3 Pass, NIST 800-88, or another overwrite pattern. WipeDrive meets NIST Clear & Purge levels and implements the ATA SecureErase/SanitiseDisk commands. This is why it is the market-leading software.
VeriDrive: Verifying your IT Assets
There are many verification tools on the market, but we recommend VeriDrive for this crucial step in your sanitisation process. Once you have completed the data erasure steps, the deletion of data must be verified to ensure that the Host Protected Area (HPA), Device Configuration Overlay (DCO) and TPM chip data is securely erased. This will ensure the device is sanitised and ready to be reallocated to the newly rebuilt network.
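Why verification has to cover a drive's native capacity rather than only the range the operating system sees, shown as an added example (not part of the original article, and not WipeDrive or VeriDrive code). It parses `hdparm -N`-style output to detect an HPA and checks every sector of a constructed 16-sector in-memory drive; the device name, sample output and helper names are assumptions, and DCO and TPM data are not modelled.

```python
import re

SECTOR = 512  # bytes per logical sector in this toy model

# Constructed sample of `hdparm -N` output: 12 visible sectors out of 16 native ones.
SAMPLE_HDPARM = "/dev/sdX:\n max sectors   = 12/16, HPA is enabled\n"


def parse_hdparm_max_sectors(output):
    """Return (visible, native) sector counts from `hdparm -N` style output."""
    m = re.search(r"max sectors\s*=\s*(\d+)/(\d+)", output)
    if not m:
        raise ValueError("no 'max sectors' line found")
    return int(m.group(1)), int(m.group(2))


def verify_erased(read_sector, total_sectors, pattern=b"\x00"):
    """Read LBAs 0..total_sectors-1 and return those not filled with `pattern`."""
    expected = pattern * (SECTOR // len(pattern))
    return [lba for lba in range(total_sectors) if read_sector(lba) != expected]


def make_toy_drive():
    """Constructed drive: a wipe zeroed LBAs 0-11, the HPA (LBAs 12-15) still holds data."""
    image = bytearray(16 * SECTOR)
    image[12 * SECTOR:] = b"residual" * (4 * SECTOR // 8)
    return lambda lba: bytes(image[lba * SECTOR:(lba + 1) * SECTOR])


def audit(hdparm_output, read_sector):
    """Compare a verification of the visible range with one of the native range."""
    visible, native = parse_hdparm_max_sectors(hdparm_output)
    return {
        "hidden_sectors": native - visible,                       # size of the HPA
        "dirty_visible": verify_erased(read_sector, visible),     # what a naive check sees
        "dirty_native": verify_erased(read_sector, native),       # what is really left
    }


if __name__ == "__main__":
    report = audit(SAMPLE_HDPARM, make_toy_drive())
    for key, value in report.items():
        print(f"{key}: {value}")
```

A check limited to the visible range reports a clean drive here, while the native-range check lists the four sectors left behind in the hidden area.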
For more information about WipeDrive and VeriDrive, get in touch with our sales team today. Call us on 0345 340 3105 or fill out the enquiry form on our website here.