NTT Limited to offer free cyber sec solutions to mitigate SolarWinds attack
Technology services company NTT Limited will offer a “specialised sensor” capability to help clients determine their risk and potential means to mitigate attacks related to the recent SolarWinds incidents. This will be offered to specific clients, free-of-charge, the company said in a statement.
In December 2020, a supply chain attack through SolarWinds’ commonly-used network management software allowed malware to be distributed to at least 18,000 organizations around the world. Additional threats have also since been identified, potentially exposing many organisations’ applications and data.
In response to these supply chain attacks, NTT will provide companies that believe themselves to be at risk of compromise with a 30-day trial of its Specialized Sensor for SolarWinds Detection and Alerting across all platforms other than Azure, at no charge.
This offering includes:
Deployment of a specialized sensor in AWS and Google Cloud Platform environments for the detection of Indicators of Compromise (IOCs) specific to the SolarWinds breach.
Near-real-time notification to a client’s security organization in the event a compromise is detected.
An actionable incident report delivered automatically, immediately upon detection of IOCs linked to the SolarWinds compromise.
On 8 December 2020, cybersecurity company FireEye reported a breach and exfiltration of its Red Team tools. Ultimately, FireEye realized the breach had come via a supply-chain attack carried out by the implantation of malicious code in the SolarWinds update server for the Orion Platform.
Sunburst attack
The attack on SolarWinds, dubbed Sunburst, loaded a Trojan into the SolarWinds software update. This malicious update infected SolarWinds Orion Platforms, thus compromising the networks of SolarWinds’ clients. The sophistication of the attack has led analysts to assert that the cyber event was most likely attributable to Russian nation-state threat actors.
On Friday, December 18th, Microsoft released a statement confirming that its network had been compromised by the malicious software updates from SolarWinds. FireEye and Microsoft were two of many companies affected by the attack. US-based organizations were targets of nearly 80 per cent of the attacks. Apart from them, organisations based in Belgium, Canada, Israel, Mexico, Spain, and the United Arab Emirates (UAE) were also affected.
In response to the US attacks, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to US government agencies directing them to immediately disconnect or power down SolarWinds Orion products. US government agencies believed to have been breached so far include the Treasury Department, the Justice Department, the Energy Department, and the National Nuclear Security Administration, among others. The full extent of the attack is unknown. It is highly probable that more victims will be discovered since damage from this breach is still being assessed and new tactics, techniques, and procedures (TTPs) could be discovered.
Matt Gyde, President and CEO, Security Division at NTT Limited, is of the view that threat actors have exploited disruption during the COVID-19 crisis to launch an accelerated wave of cyberattacks around the world. “The SolarWinds incidents were orchestrated by sophisticated operators and exploit the broad distribution of commonly-used software packages. NTT has now moved to proactively offer clients a way to identify potential problems in their technology infrastructure and take the steps needed to close those gaps,” he said.
Organisations can then engage with NTT for in-depth review, analysis, recommendations, and remediation including a rapid incident compromise assessment. NTT can also provide ongoing managed security services such as Security Operations Center as a Service (SOCaaS) and develop a Strategy for Supply Chain Security Assurance, to help clients monitor their technology assets and reduce risk from future threats.