The SolarWinds Hack: Resources and Guidance from Cybersecurity Experts

Published

Written by

Filed under

News broke to the public on Sunday, December 13th, that the SolarWinds Orion network monitoring platform had been hacked. In this sophisticated attack, SolarWinds Orion software updates had been trojanized to deliver malware, now called SUNBURST, into servers hosting the SolarWinds Orion software. Using this compromised server, the attacker is then able to move laterally in the network to compromise other assets and perform data theft.

Attack-at-Scale

This attack is part of a global intrusion campaign that began as early as March 2020 and is currently ongoing. The threat actors are identified as a nation-state advanced persistent threat (APT), with analysts suggesting that the data points to Russia. The victims have included government, consulting, technology, telecom, and extractive entities in North America, Europe, Asia, and the Middle East, and it is anticipated there will be additional victims in other countries and verticals. Included in this list are several US Federal agencies, such as the Department of Homeland Security and the State, Commerce, and Treasury Departments. Microsoft has also reported they were a victim of this attack, but they “have not found evidence of access to production services or customer data.”

Advice

If you use SolarWinds Orion software, you will want to take immediate action to mitigate the effects of SUNBURST and determine if there are any indicators of compromise (IOC). If you don’t use SolarWinds software, you may still want to take action to understand to what extent your vendors and partners use SolarWinds.

Although news around this attack is still developing, SolarWinds has since released patches to mitigate this vulnerability. SolarWinds advises:

Customers with any products for Orion Platform version 2020.2 with no hotfix installed, or version 2020.2 HF 1, should upgrade to Orion Platform version 2020.2.1 HF 2 as soon as possible to better ensure the security of your environment.
In the event that you are unable to upgrade immediately, ensure that SolarWinds servers are isolated from the network – disconnected or powered down.

Note that before following the steps above, imaging system memory and/or host operating systems hosting SolarWinds Orion is recommended to aid in forensic analysis. Furthermore, we recommend rebuilding SolarWinds Orion from scratch rather than patching a potentially compromised host. See CISA recommendations below.

Next, as part of your incident response plan, a comprehensive investigation should be performed and, if attacker activity is discovered in your environment, remediation steps should be taken based on the investigation findings. This will likely include removing threat-actor controlled accounts and persistence mechanisms.

The emergency directive from CISA recommends:

Treat all hosts monitored by the SolarWinds Orion monitoring software as compromised by threat actors and assume that further persistence mechanisms have been deployed.
Rebuild hosts monitored by the SolarWinds Orion monitoring software using trusted sources.
Reset all credentials used by or stored in SolarWinds software. Such credentials should be considered compromised.
Take actions to remediate kerberoasting, including, as necessary or appropriate, engaging with a third party with experience eradicating APTs from enterprise networks.

Resources

Resources listed below are in the recommended order of reading for organizations that do have SolarWinds Orion monitoring software in their environment.

Overwhelmed?

This is a global-scale hack with potentially dire consequences for your organization and its or its customers’ data. If your organization does run SolarWinds but does not have the time or expertise to perform any of the suggested steps above, please call VPLS. We offer free consultation on how our team of certified security experts can become an extension of your IT staff and drive these necessary incident response procedures.

Read More from this Author

If you enjoyed this article, you'll probably like:

Disaster Recovery: How Will Your Business Recover After a Natural Disaster?

Blog Post / By VPLS Marketing Team

Published

Written by

Filed under

Hurricane Dorian has tragically hit the East Coast with winds stronger than 60 mph plus tons of rainfall; a recipe for absolute destruction! The fate of homes and businesses alike is uncertain.

It is hard to predict when natural disasters like these will strike. The only sure way to protect yourself is to always be prepared for any type of natural disaster at any time. In addition to protecting yourself and family, you also have to think about protecting your business. How will your business recover if your office building is destroyed?

Storms may do some major damage to your physical workplace and equipment, but your data, on the other hand, can be safe and sound. How? Let’s find out! VPLS offers these solutions to help protect your business’s data from being affected by natural disasters.

Utilizing a physical storage place to back up for all your business’s data in your office is not the most secure way to store data. In the event of a break-in or natural disaster at your office, your stored data is at risk of being destroyed. Think of this as putting all of your eggs in one basket. If you leave all your data storage, products, equipment, and other services in your office, everything will be destroyed or lost when disaster strikes. This is all the more reason why you should back up all of your data to the cloud. In the event of a natural disaster, you can rest assured that your data will always be secured in the cloud. Going to the cloud gives your data more layers of security to ensure that your data is heavily guarded against any physical damage. By using cloud storage for your business, you will have one less matter to worry about when the unpredictable comes your way.

VPLS offers Disaster Recovery as a Service (DRaaS) in addition to our cloud services. Our extensive knowledge and best in class technology allow you easy access to your data even in the event of a disaster. With multiple data centers around the world, VPLS is the perfect choice for businesses who are looking for cloud solutions. We incorporate backup technologies in our onsite appliance to replicate data to our data centers worldwide. Also, our consulting engineers work with you and your team to help you decide which applications are most effective for your Disaster Recovery solution. That along with our numerous cloud services makes VPLS a reliable company for cloud and data backup services.

VPLS hopes that those affected by Hurricane Dorian are safe. Natural disasters like these remind us to always be prepared for the worst-case scenario in order to protect your family and business.

Don’t forget, VPLS is a Data Backup Solutions Provider, VPLS can assist you with your offsite storage location to send your full and incremental backups to or create a full backup solution.

Read More from this Author

If you enjoyed this article, you'll probably like:

Business Continuity & Disaster Recovery

Blog Post / By VPLS Marketing Team

Published

Written by

Filed under

Business Continuity & Disaster Recovery

It is a common, but deadly mistake, to use the term Backup (B/U) interchangeably with Disaster Recovery (DR). This misunderstanding could cause any number of data security and data recovery issues that could potentially destroy a company or at least its IT guy. There is an additional concept in the same vein known as Business Continuity (BC) – let’s do a gut check. To start with, a business continuity assessment is a high-level assessment of a company’s IT enterprise and systematically identifying and then eliminating single points of failure (SPOF) – such as a single core-network switch, standalone server, or a single connection to the internet.

When designing a high-availability IT environment, each component in the compute, network and storage areas are designed and implemented with layers of redundancy. The more critical your IT systems (I don’t know of any organizations that haven’t become totally dependent on their IT stuff) the more business continuity needs to be addressed. Backups and disaster recovery plans are subsets of a business continuity plan.

Many people believe that just a backup alone is sufficient to prevent the loss of data in the event of a disaster, however backup is merely one aspect of a business continuity plan. In order to ensure that a backup can be “stood up,” there also needs to be a disaster recovery plan which identifies and provisions the actual hardware and software to run the backup and bring the company’s IT systems back into operation.

What is Backup?

Backup is the process of making copies of files to have a historical record of data as it existed at a certain point in time. The specifications of backups call for the definition of the following:

Retention – the length of time data must be retained
Recovery Time Objective (RTO) – designates the amount of “real time” that can pass before the disruption begins to impact business operations
Recovery Point Objective (RPO) – the variable amount of data that will be lost or will have to be re-entered during an outage

Making backups of files these days is very simple, if the IT is virtualized – it is literally as easy as taking snapshots of files. It is one of the major advantages of virtualization- but that’s a separate discussion. Just because it’s easy to make a backup doesn’t mean recovering data from those backups is easy. “Standing up” a backup requires the ability to restore the backup (snapshot) on a computing platform (hardware and software) capable of duplicating the operational parameters of the existing computing platform with the existing IT infrastructure. It doesn’t sound simple? It’s not – backing up is easy – restoring isn’t. That’s where verification testing comes in. Verify your backups.

But what happens when the whole existing IT infrastructure is gone? That’s a disaster.

What is Disaster Recovery?

Disaster Recovery (DR) is a set of procedures, hardware (computers, network, storage) and software (OS and applications) that allow a company to restore operations in the case of such a disaster.

Darryl Vidal, VPLS’s Director of Operations, stresses the importance that VPLS places in having both backup and disaster recovery. “You have to do both; if you have a backup but no disaster recovery plan, your backup could be sitting in a cloud with no resources to make it operational.” VPLS offers a variety of services to ensure that our customers’ data is secure if a failure, hack, virus. or natural disaster occurs.

Disaster Recovery must be considered in the context of. “what will we do if the data center office burns down?” Any and all types of backups can be rendered useless in the case of some disaster that takes out the whole building. For instance, if the building housing your data center were destroyed, what would be required to bring “critical” systems back online? Finance, manufacturing, email, and database systems would need to be back online first. Is there a complete backup of data, applications, operating systems, that could be brought into production on some standard hardware? Are the backup recovery procedures documented? If not, that really means that in a disaster, your company couldn’t come back up in weeks or even months.

To be clear, backups and disaster recovery is a subset of business continuity planning. BC seeks to identify all likely single-points of failure (SPOF), and implement equipment, processes and procedures to address each one – including backups and DR provisioning.

To begin the business continuity assessment process, take a systematic top-down approach, and review each potential point-of-failure. Then address each according to its level of criticality. Obviously, this means an assessment of criticality comes first. Start with a BC and DR plan. Then create the backup and recovery plan.

The best news is that today, these can be purchases from a Managed Services Provider (MSP) like VPLS. Backup as a Service (BaaS) is the service to have VPLS run your backups on our enterprise infrastructure. Disaster Recovery as a Service (DRaaS) adds the extra layer of actual hardware and software infrastructure to “stand up” your backup images in our Data Center infrastructure in the case of an attack, outage, or natural disaster.

Add to that the benefit of procuring BaaS or DRaaS without any capital outlay – a true opportunity to move from a CapEx to an OpEx IT finance model.

Verify Backup and DR Practices

Finally, verification of backup and DR practices are often not performed because of the huge resource draw and potential down-time caused by such an exercise. But, by having these services provide by an Managed Services Provider, DR verification testing should happen at least twice a year, if not quarterly. We don’t need to discuss why it isn’t done – convenience, opportunity, downtime -but the risk of not planning and documenting a full recovery operation only insures that when, or it, this disaster happens, the organization really doesn’t know if the processes and procedures will actually work. A situation best described as untenable.

To learn more about how VPLS can help businesses with business continuity and disaster recovery, visit VPLS Backup Solutions.

Read More from this Author

If you enjoyed this article, you'll probably like:

The Important Difference Between Backup and Disaster Recovery

Blog Post / By VPLS Marketing Team

Published

Written by

Filed under

It is a common, but disastrous misconception to think that backup and disaster recovery are the same. This confusion can cause a plethora of data security issues that can potentially hurt the company and damage its brand. Many believe that just a backup alone is enough to prevent data loss in the event of a disaster. However, a backup process is only the beginning stage of a necessary disaster recovery plan. In order to guarantee a business’s data is secured to the fullest, companies need to have a disaster recovery plan in place.

Join VPLS as we delve into what the difference between a Backup and a Disaster Recovery is and why it is extremely necessary to have both for your IT organization.

What is Backup?

Backup is the process of making copies of files as an alternative in case original data is compromised.

What is Disaster Recovery?

Disaster Recovery is a set of procedures designed to protect IT infrastructure in the case of a disaster.

Now that we have identified what each of those procedures consist of, let’s have an expert explain the importance of utilizing both at your tech environment. Darryl Vidal, VPLS’s Director of Operations, shares his input on why it is always best to have both backup and disaster recovery for your company: “You have to do both; if you have a backup but no disaster recovery, your backup could be lost for good [with no way of recovering it].”

We take data loss very seriously here at VPLS, our team has come up with a handful of solutions and services to ensure that our customers’ data is secured even in the most unpredictable worst-case disaster scenarios! The following are some VPLS services designed to help prevent data loss for your IT organization:

Colocation Services

VPLS Colocation services offer geographically-diverse data centers located all over the world to store our customers’ physical backup with 24/7 monitoring and support. Our physical storage is backed up to the cloud for additional security and surveillance.

VPLS Backup and Replication

Disaster Recovery as a Service (DRaaS)

With the help of our business and internal infrastructure, VPLS DRaaS services can gain experience and expertise in real-world situations to create disaster recovery plans for companies of all sizes. VPLS partners with leading software companies who specialize in disaster recovery to provide reliable and quick recovery.

Managed Cloud Backup

VPLS partners with reputable vendors such as Veeam to guarantee our customers reliable Managed Cloud Backup plans. With Veeam Cloud Connect, the need for VPN tunnels is eliminated and users are able to monitor their backups while having full visibility to storage data.

For more information about VPLS’ Backup and DRaaS options and services, please contact us today!

Read More from this Author

If you enjoyed this article, you'll probably like:

Disaster Recovery: How Will Your Business Recover After a Natural Disaster?

Blog Post / By VPLS Public Relations

Published

Written by

Filed under

Hurricane Florence has tragically hit the East Coast with winds stronger than 80 mph plus tons of rainfall; a recipe for absolute destruction! The fate of homes and businesses alike is uncertain. It is hard to predict when natural disasters like these will strike. The only sure way to protect yourself is to always be prepared for any type of natural disaster at any time.

In addition to protecting yourself and family, you also have to think about protecting your business. How will your business recover if your office building is destroyed? Storms may do some major damage to your physical workplace and equipment, but your data, on the other hand, can be safe and sound. How? Let’s find out! VPLS offers these solutions to help protect your business’s data from being affected by natural disasters.

Going to the cloud gives your data more layers of security to ensure that your data is heavily guarded against any physical damage. By using cloud storage for your business, you will have one less matter to worry about when the unpredictable comes your way.

VPLS hopes that those affected by Hurricane Florence are safe. Natural disasters like these remind us to always be prepared for the worst-case scenario in order to protect your family and business.
If you want to keep up with the latest security trends and other IT related products and services, please visit the VPLS blog and stay current with the latest news!

Don’t forget, VPLS is a Data Backup Solutions Provider, VPLS can assist you with your offsite storage location to send your full and incremental backups to or create a full backup solution.

Read More from this Author

If you enjoyed this article, you'll probably like:

Veeam Backup and Replication Services with VPLS

The Importance of Securing Local Data

Blog Post / By VPLS Public Relations

VPLS and Veeam Combine Forces

In the effort against cybersecurity threats and data loss, VPLS and Veeam are teaming up to provide customers the best in Data Backup and Replication services.

Here are a few reasons why you will want to shield your customer’s personal and financial data through VPLS and Veeam!

Disaster Recovery

When it comes to your company’s backup and recovery needs, it’s important to secure and prepare for any event or disaster that may happen.

Hawaii Missile Alert

Hawaii Missile Alert Take for example the event in Hawaii, when an alert of an incoming missile was issued by an employee who accidentally pressed the wrong button that caused panic to spread throughout the island. While the incident was accidental, the consequences for unaccounted human error were devasting.

Bad Rabbit Malware

Bad Rabbit Malware and Ransomware

Or, when malware Bad Rabbit, targeted Ukrainian and Russian media organizations, causing entire systems to become infected with ransomware. The cybercriminals responsible for the attack demanded payment in the form of Bitcoin, racking up thousands of dollars in mere minutes.

The above examples act as solid reminders that the best solution against multitudes of cybersecurity threats are prevention and intervention. Secure your company’s future through multiple security measures and a thorough backup plan.

Veeam Backup and Replication

To tackle these and other cyber threats, companies are ensuring their local data with data recovery services offered by Veeam.

Veeam Backup and Replication offers a great solution to verify recoverability of backups, instant recovery and testable upgrades within an isolated environment before implementation can commence. All of which are offered at a reasonable cost, tailored to fit your budget.

A few features worth mentioning are:

Virtual and Physical Backup Services
Cost-effective Options (Purchase or Rental Services)
Automatic Recoverability Testing
Built-in WAN Acceleration
Unlimited Scale-out Backup Repository
One-Click Disaster Recovery
Access to Veeam Cloud Connect for fast, secure, cloud backup
Recovery and eDiscovery for Microsoft Exchange, SharePoint, and Active Directory
And much more!

Test Veeam Backup & Replication for Free!

Discover the many features of Veeam Backup and Replication and test the product for 30 days.

The free trial includes access to all features without any limitations.

FOLLOW, LIKE & SHARE VPLS

If you want to keep up with the latest security trends and other IT related products and services, please visit the VPLS blog and stay current with the latest news!

Disaster Recovery and Business Continuity Are Not the Same: What You Need to Know

Leave a Comment / Blog Post / By VPLS Public Relations

What is Business Continuity? Business continuity or business continuity planning is the way in which a company maintains the operations of their business in the event of the loss of resources during a small outage or complete disaster. Whether the outage lasts for two hours or six days, it has the potential to be equally devastating. It includes preventative measures that are put in place company-wide and regulates a variety of controls. Ask yourself, how will our company continue to function if an outage occurs for any reason? What location will we work from and how will our employees be able to access the materials and information they need to continue to do their jobs? How will we continue to sell products and services to our customers? How will we continue to support them? Business continuity is about mitigating risk before anything ever happens.

Best Practices for Developing an Effective Business Continuity Plan

Best practices for developing an effective business continuity plan include:

Form a team, including employees from various departments, to develop a living business continuity plan.
Obtain buy in from your executive management team to ensure this is a priority for the company.
Be proactive in identifying risks and watch for new, potential risks on a regular basis.
Understand how those risks will affect your day to day business operations, as well as specific groups including employees and customers.
Put measures in place to mitigate those risks.
Identify people and procedures needed to alert employees, customers, vendors, and other key stakeholders that a disaster has occurred.
Regularly test your procedures to ensure they can be implemented efficiently, effectively and quickly.
Examine your plan quarterly or at an interval determined by your team to review the procedures and ensure they are still current.

What is Disaster Recovery?

Disaster recovery is one critical component of the larger business continuity plan. Although it is not solely focused on IT, it is often the IT department that takes over responsibility. It becomes your backup and recovery plan—the way in which you will maintain, store, and restore your data, files, software applications, servers, and other equipment so that you are up and running again in the shortest amount of time. Ask yourself, how frequently do we currently backup our data and can the company function without critical data for any period of time? Are additional servers and other equipment readily available to us to quickly rebuild our network infrastructure? Is there another secure location within a reasonable distance of our office where we could restore our network if the current server closet or server room is no longer usable? If business continuity is about mitigating risk before anything ever happens, disaster recovery is about quickly and efficiently implementing your plans during and after the disaster has occurred.

Best Practices for Developing an Effective Disaster Recovery Plan

Best practices for developing an effective disaster recovery plan include:

Understand what impact the previously identified risks could have on your IT assets.
Decide how you will replace equipment if that should be necessary.
Know how many additional servers and other pieces of equipment you have in stock which could be installed immediately after the outage.
Implement a procedure for obtaining any new parts which you may not have in stock.
Identify the level and type of support/notifications you will provide to employees, customers, vendors and others during the outage. For example, a help desk, call tree, automated push notifications or conference bridges.
Determine your Recovery Time Objective (RTO): The target time you need to recover your IT and business activities after a disaster has struck. Knowing how quickly you can actually recover your IT infrastructure and how quickly the business needs to recover to prevent catastrophic loss, will help you decide on the preparations you need to put in place to make sure that those two numbers are in sync.
Determine your Recovery Point Objective (RPO): The window of time in which data loss is acceptable for your company. Put simply, it is the amount of time between required data backups. Could your company still operate, virtually unaffected, if you were unable to access the last three days of data? If not, you may want to consider daily backups or even real-time backup.
Decide on your recovery failover procedures and system restart procedures.
Preselect a local data center provider whose colocation or cloud services you would be able to utilize in the event that your facility is no longer usable or accessible to ensure that rapid restoration of business operations is possible.

The Key Takeaway

Many companies choose not to proactively prepare for a disaster because they believe that it will never happen to them. If they are not located in a region prone to floods, hurricanes, tornados or blizzards, they do not believe it is necessary to expend the time, resources and money to not only implement but also maintain and test a plan. Remember, a disaster can come in many different forms, not just environmental. IT hardware failures, cyber-attacks, terrorist attacks and even vandalism or simple human error can cause extensive outages over extended periods of time. Correctly defining disaster recovery and business continuity planning, understanding the specific differences of each, proactively implementing a custom plan to meet your requirements and continually testing and reevaluating your plan will help keep your business in business for many years to come