The U.S. Treasury Department was part of a massive supply chain attack on the SolarWinds IT management platform by Russia’s APT 29 group. Today’s columnist, Sam Curry of Cybereason, offers some analysis of the prolific hack and advice for security teams on how to respond. (Credit: R Boed, Creative Commons Attribution 4.0 International)

News over the weekend of a massive breach by Russia’s APT 29 against the U.S. Treasury and U.S. Commerce Departments was eye-opening in its intensity. In addition, the CISA emergency directive urging all public and private sector organizations to assess their exposure and disconnect or power down the SolarWinds Orion products the attacks were tied to was a rare move: CISA issued such a directive for only the fifth time in its history.

The infrequency of these types of directives should catch everyone’s eye and reinforce the seriousness of this latest breach. In other words, this warning should not go unnoticed. Since SolarWinds has 300,000 customers, including more than 400 of the world’s Fortune 500, a bold action like this was needed.
