Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Seven Months After the SolarWinds Attack: What Has Changed and What Still Needs To

You likely know the story. In December of 2020, perhaps the most devastating cybersecurity breach to date took place. It was discovered that a highly sophisticated, advanced persistent threat (APT) infiltrated SolarWinds, a popular network management solution to several federal government agencies. Now, months after the attack was first discovered, we’re starting to gain a full understanding of its scope, the long-term impact, and what needs to be done to help prevent an attack of this magnitude from happening again.

One of the most significant impacts of the SolarWinds attack has been that cybersecurity is finally getting the attention it deserves at the highest levels of the U.S. government. President Biden issued an executive order in May 2021, outlining steps the federal government will be taking to modernize its cybersecurity defenses, facilitate the sharing of threat intelligence with private sector partners and improve the country’s ability to respond to incidents when they occur. The executive order also lays out a series of more stringent cybersecurity requirements for any organization wanting to do business with the government, including standards for software development and plans for more systematic investigation of cyber incidents. 

Cyber Change Doesn’t Come From Policy Alone, Mindset Matters

In addition to changes to national policy, the SolarWinds attack has had a significant impact on the actions and practices of both public and private sector organizations. The sophistication of the attack and the fact that it leveraged a widely used and trusted IT software provider, caused organizations around the world to scrutinize their supply chains and examine their own networks with a thoroughness that had not been done before. In doing so, many found other vulnerabilities and breaches in their networks that they weren’t even looking for and hadn’t previously been aware of. As a result of the massive house cleaning spurred by the SolarWinds attack, more organizations have learned the value of proactive threat hunting, asset identification, continuous monitoring and penetration testing.   

More than anything, the attack seems to have inspired both the public and private sectors to become more proactive with their cybersecurity. It also accelerated the need for greater and deeper partnerships between the public and private sectors. Government agencies are taking a hard look at their cybersecurity practices and capabilities, identifying where there are holes and where they might need to turn to private sector partners to help shore up their defenses and strengthen resiliency in their networks.

We Still Have Work To Do

Though the SolarWinds attack has already spurred changes in policy and action throughout the public and private sectors, more needs to be done to better prevent such attacks from happening again.

Focus on Database Security

Public and private sector organizations alike need to increase their focus on database security. For too long, organizations have focused on perimeter security but have neglected to adequately protect the databases where their most valuable assets live. Organizations should invest in technology solutions that are purpose-built for data protection and continuous database monitoring.

Assume You’ve Been Breached

Everyone should take an approach of assumed breach. Assume that adversaries are already in your network and determine what you can do to lessen the negative impact – such as implementing air gaps in the network or extra layers of authentication. Invest in proactive (rather than reactive) security measures including proactive threat hunting and managed threat detection and response (MDR) services. Adopt technologies that automate vulnerability testing and then supplement them with manual testing by skilled security analysts to create layers of protection and resiliency.

Foster Greater Public/Private Collaboration

Public sector agencies and cybersecurity vendors must work together to create more public/private collaborations. These types of partnerships have grown in recent years, as government agencies are realizing that they cannot go it alone, but more must be done to build greater trust within them. President Biden’s executive order will help with this, as it removes barriers to threat information sharing between the public and private sectors. By working together to deepen their relationships, government agencies and their managed security service providers (MSSPs) can improve threat detection and ensure that the government’s cybersecurity technologies are being used to their fullest capabilities.

Continuous Monitoring and Testing

Organizations must invest in continuous monitoring and testing. Today’s advanced persistent threats are designed to remain hidden as they spread throughout the network. At the same time, organizations’ environments are constantly changing. New devices are added to the network all the time. Technologies are moved from pre-production to production, which can cause new vulnerabilities to emerge, access rights need to be constantly changed as employees’ roles change, etc. For these reasons, periodic vulnerability testing and threat hunting are no longer effective. Organizations need continuous monitoring, regular threat hunting and ongoing access rights reviews. With the help of managed security services, they can enable continuous monitoring for greater protection from covert threats.

Build a Pipeline of Cybersecurity Experts

Both the public and private sectors are in desperate need of more skilled cybersecurity professionals. Currently, there is a global shortfall of nearly 4 million cybersecurity workers. Hopefully, high-profile incidents like SolarWinds and the Colonial Pipeline attack that directly impacted many peoples’ lives through fuel shortages will spur a wave of young people to enter the cybersecurity profession. In the meantime, government agencies and private companies will need to work together in public/private partnerships and lean on the staffing and expertise provided by MSSPs to complement their internal cybersecurity teams.

The SolarWinds attack was a moment of reckoning for the U.S. federal government and the private sector alike. It is spurring real changes in policy and actions among the public and private sectors. Organizations must take the lessons learned from this attack seriously and quickly move to improve resiliency and strengthen their own cybersecurity practices.

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More