What you need to know about the SolarWinds cyberattacks

Mitigate the impact with a Zero Trust architecture

How the SolarWinds cyberattacks work

Compromised SolarWinds Orion server
Attack progresses with command-and-control
Pivots across the enterprise to access additional resources
Establishes persistence for future attacks
Data theft or additional actions

A highly sophisticated adversary group compromised SolarWinds to distribute an infected version of the Orion software to more than 18,000 customers, including many large enterprises and government agencies. Attackers are able to leverage vulnerable versions of Orion to establish an initial foothold in impacted organizations and carry out follow-on attacks, including data theft or business disruption. To help organizations safely navigate questions related to SolarWinds and other emerging threats, we are making Zscaler’s expertise and resources available to those in need.

What you need to know about the SolarWinds cyberattacks

Help protect your enterprise with key insights from Deepen Desai, CISO & VP Security Research, Zscaler.

Immediate next steps you need to take

Discover if you’re running vulnerable SolarWinds Orion servers
Determine if servers have been infected with FireEye’s YARA rules
Isolate, disconnect, or power down infected systems
Review logs to identify command-and-control (C2) activity or lateral movement from compromised systems
Reset all credentials used by SolarWinds Orion and associated services
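The log-review step above is easier to act on with a concrete check. The following is an added example, not code from this page or from Zscaler: it parses a handful of constructed proxy log lines (hypothetical hosts and domains, not real indicators) and flags source/destination pairs whose connection intervals are unusually regular, the beaconing pattern that command-and-control traffic from a compromised server tends to show. The thresholds, field layout and host names are assumptions chosen for illustration.

```python
"""Flag regular outbound beaconing in proxy logs (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (not real traffic). Fields are assumed:
# "<ISO timestamp> <source host> <destination host> <bytes out>"
SAMPLE_LOG = """\
2020-12-14T08:00:00 orion-01 updates.example-vendor.test 512
2020-12-14T08:30:01 orion-01 updates.example-vendor.test 498
2020-12-14T09:00:02 orion-01 updates.example-vendor.test 530
2020-12-14T09:30:00 orion-01 updates.example-vendor.test 501
2020-12-14T10:00:01 orion-01 updates.example-vendor.test 515
2020-12-14T08:05:17 ws-42 www.example.test 1200
2020-12-14T08:41:03 ws-42 www.example.test 880
2020-12-14T11:12:45 ws-42 www.example.test 4100
2020-12-14T12:50:09 ws-42 www.example.test 300
2020-12-14T13:01:33 ws-42 www.example.test 9500
"""


def parse_log(text):
    """Turn the whitespace-separated log into (timestamp, src, dst, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return events


def find_beacons(events, min_hits=5, max_cv=0.1):
    """Return src/dst pairs contacted at least min_hits times with near-constant spacing.

    Regularity is measured as the coefficient of variation (stddev / mean) of the
    gaps between consecutive connections; interactive browsing is bursty and scores
    high, a fixed-interval check-in scores close to zero.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # duplicate timestamps carry no interval information
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "hits": len(times),
                "mean_gap_s": round(avg),
                "cv": round(cv, 3),
            })
    return findings


def new_destinations(events, watch_hosts, known_good):
    """Destinations reached by hosts of interest (e.g. Orion servers) that are not on an allowlist."""
    return sorted({dst for _, src, dst, _ in events if src in watch_hosts and dst not in known_good})


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for f in find_beacons(evts):
        print(f"beacon-like: {f['src']} -> {f['dst']} every ~{f['mean_gap_s']}s (cv={f['cv']})")
    print("unexpected destinations from watched hosts:",
          new_destinations(evts, watch_hosts={"orion-01"}, known_good={"www.example.test"}))
```

On the sample data only the orion-01 pair is reported (about 1800 seconds apart, cv well under 0.01), while the workstation's irregular browsing is not. In practice the same two checks run over real proxy or firewall exports, with the Orion hosts as the watched set and an allowlist of the destinations they are expected to reach.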

Zscaler best practices and guidance for stopping the SolarWinds cyberattacks

Eliminate your Internet-facing attack surface, stop potential lateral movement, and block command-and-control activity with a Zero Trust architecture.
Enable complete SSL inspection and advanced threat prevention on workload-to-internet traffic.
Run an in-line cloud sandbox to identify and stop advanced, unknown threats.
Enforce protections for known command-and-control traffic with continuous updates as new destinations emerge.
Limit the impact of lateral movement with identity-based microsegmentation for cloud workloads.

Zscaler Internet Access customers have fully automated protections for all known command-and-control servers and payloads.

ZSCALER THREATLABZ BLOG

The Hitchhiker’s Guide to SolarWinds Incident Response

Get expert guidance on how to run your own detection, investigation, and response efforts if you believe you’ve been impacted by the SolarWinds event.

Read Now

Zscaler cloud infrastructure security & trust

Zscaler’s cloud infrastructure does not use any vulnerable versions of SolarWinds Orion internally, and our platform is secure.

ZSCALER THREATLABZ BLOG

Zscaler Coverage for SolarWinds cyberattacks and FireEye Red Team Tools Theft

Zscaler provides multiple layers of protection across our inline cloud security platform. Get the full details on how we help protect your enterprise.

Read Now

Engage with Zscaler ThreatLabZ for support

Get expert help from our world-class threat research team to help you understand your risk, assess impact, and improve your security posture.