System Filters: SolarWinds Attack Surface and SolarWinds Orion Attack Surface

Summary: Information regarding the SolarWinds Attack Surface and SolarWinds Orion Attack Surface system filters.

On December 14th, 2020, RiskSense (introduced two new System Filters on the Hosts and Host Findings pages so that customers can assess their SolarWinds footprint:

• SolarWinds Attack Surface: This filter will return any CVE associated with SolarWinds that has been published in the last 15 years. The intention of this filter is to assist customers in quickly ascertaining the devices that are running SolarWinds software and therefore have the potential to contribute to the supply chain attack that was reported by numerous cybersecurity sources on December 13th and 14th, 2020.

• SolarWinds Orion Attack Surface: This filter will return any CVE associated with the SolarWinds Orion Product, which is confirmed to have contributed to the supply chain attack that was reported by numerous cybersecurity sources on December 13th and 14th, 2020.

The following links can assist in better understanding this emerging threat:

• https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

• https://www.newsweek.com/solarwinds-says-hack-affected-18000-customers-including-two-major-government-agencies-1554635

• https://thehackernews.com/2020/12/us-agencies-and-fireeye-were-hacked.html?m=1