Broken Cyber Security

Cyber Security, SUPERNOVA, SUNBURST, and Solarwinds

Every major media outlet is covering the Solarwinds story. A Google search will quickly display pages of results that comment on the exposure of government offices and big data to Russian hackers. Cyber security is always an important topic and it deserves attention, especially when there is a breach or exposed vulnerability.

The reported stories have two significant issues. The first is that there is over or under dramatization to tell a story. This method of reporting doesn’t mean the facts aren’t there, but it significantly changes the audience and feeling of the story. The second issue is the lack of translation from a technology field into a universal language. If the audience doesn’t understand the story they’ll never be able to relate.

One of the primary goals of SheppTech is to help businesses understand and apply IT and Cyber Security best practices. It is much easier to attack a network than to defend it. This creates an equal importance between existing practice and adapting to new information.

To start, here is a link to the Solarwinds official security advisory page:
Solarwinds Security Advisory

You can also check out the Microsoft website blogs (example: Analyzing Solorigate) for information from their point of view. Microsoft was one of those affected by the attack, and they’ve committed resources to the front line of the investigation.

SUPERNOVA and SUNBURST: What are they?

Vulnerabilities get names when successfully attacked. SUPERNOVA is the malware which attackers placed on the compromised systems. SUNBURST is the name of the vulnerability that existed in the Solarwinds Orion software.

As of the date of this writing, not much information has been released about SUPERNOVA. The attackers used SUNBURST to insert a backdoor into targeted networks. The suspected backdoors are SUPERNOVA. There is no reported evidence of an instance of SUPERNOVA. Reports suggest that it exists due to the advanced skill necessary to exploit the SUNBURST vulnerability.

Investigations have returned some information on SUNBURST. This is the vulnerability in which a hacker modified a file in the Solarwinds Orion software. This modification allowed the attacker to access the systems on which it existed. FireEye, a cyber security company, initially discovered SUNBURST. FireEye traced the vulnerability back to their own Solarwinds Orion software. A widespread investigation discovered the vulnerability on more than 18,000 networks.

I don’t use Solarwinds: Why does this apply to my business?

Small businesses typically have small budgets. Small businesses should be watching trends in the cyber security world to help save money and resources. Best practice and needs for modification trickle down from the experiences of companies with large cyber security budgets. When a large company suffers an attack, they share the information with each other and the world.

When an attack is successful, attackers tend to do the same thing. The underground community share their successes and improvements to make the information available to less experienced hackers. These hackers then apply the information to smaller targets for practice, which exposes small and medium sized businesses and the information they possess.

Another factor in cyber security that makes it especially difficult for businesses with smaller budgets is the comparison between attacking and defending a network. Attacking a network is exponentially easier than defending the same network. Existing information is all defenders have to work with against attackers that can adjust on the fly. Real time database updates are impossible because of these new attacks. A skilled attacker can defeat even the most defended networks, as proven by the Solarwinds attack.

How does cyber security protect a small business?

It is just as important for a small business to be diligent as it is for a big business. The law, vulnerabilities, and attackers do not discriminate. Small businesses often avoid the attention of targeted attacks, but they remain vulnerable especially to disseminated attacks which spread without prejudice.

When a small business is trying to focus on growth and running a business, it may be difficult to also keep up to date with current trends in IT and cyber security. This is why managed services providers (MSP) exist. MSPs provide services that allow their customers to remain focused on sustaining and growing their businesses.

MSPs should guide a small business owner through the process, and will update them to their responsibilities. Poor IT management leaves some businesses exposed. An experienced MSP knows their limitations and recommends niche services for specific use cases, and they guide their customers through the obstacles of cyber security and IT.

SheppTech likes to describe relationships with customers as partnerships. When a business decides to partner with SheppTech, we treat their network like our own. We provide reports, recommendations, and take immediate action when necessary to keep networks, equipment, and data protected.

How does my business get started?

Our recommendation is to reach out to a reputable MSP, such as SheppTech (shameless plug, we know). It can be difficult to navigate the terms and services offered, so contact an MSP and ask questions. Establish needs and wants for IT and security prior to reaching out. Different MSPs offer different services, but a good MSP has partners or recommendations at the ready.

There are some MSPs that offer IT services, some that maintain Microsoft Partnerships, and some that do cyber security. Then, there are some providers that do a little bit of everything, and some that outsource the things they cannot do. Knowing what you need, and what your MSP offers is the first step to a strong defense.

What is the risk of not using an MSP for cyber security?

If you have a strong internal IT team, there is minimal risk. However, even when you have a full time IT staff, it may be useful to use the tools provided by an MSP to free up their time for more time sensitive or time consuming work.

If you do not have a full time IT team, or individual, the risk can be quite high. Many businesses start with antivirus, but they fail to realize that antivirus only scans files that are already on the computer. This alone is not adequate, and a consultation with an MSP should be top priority!

Conclusion

When looking at information about the recent attacks known as SUPERNOVA and SUNBURST, its best to look at the information from the reliable sources. The media often uses drama to tell a story, instead of focusing on the facts.

For small businesses, it may not be practical to spend large amounts of money on cyber security. However, cyber security and good IT practices should not be neglected. Small businesses can utilize MSPs to help take the weight of these important topics off the shoulders of entrepreneurs.

If you have questions about your IT or cyber security, contact SheppTech today! It is always free to reach out and chat with us.

Company Reviews

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.