Tuesday, December 22, 2020

By Fuel HQ

On December 13^th, SolarWinds announced that hackers had inserted malware into a service that provides software updates for its Orion platform. Palo Alto Networks has quickly responded with a number of resources to help navigate SolarStorm attack, the name they assigned to the recent campaign of attacks connected to a suspected nation state actor behind the SolarWinds SUNBURST malware.

Below is a roundup of resources that the Fuel community can access online.    

December 23 Webinar With Unit 42

Palo Alto Networks will host an informative webinar session on Wednesday, December 23rd at 9 a.m. ET with Ryan Olson, leader of Palo Alto Networks Unit 42 Threat Research team. The discussion will include:

• What effective countermeasures you can take today to help protect your organization
• What we currently know about the attack
• What Palo Alto Networks is offering to help its customers in the spirit of its mission, which is to protect the community's digital way of life

Register online here.

Rapid Response Program

To support customers at this challenging time, the Cortex team at Palo Alto Networks developed a SolarStorm rapid response program. In addition to blog posts, videos and more, this program includes:

• A free SolarStorm Rapid Assessment: The team will help you locate the at-risk servers owned by your organization and assess whether you’ve been compromised. After the analysis is complete, you’ll be provided with a SolarStorm Assessment Report brought to you by Expanse and Crypsis.
• A SolarStorm Cybersecure Engagement: If you think you are exposed, you can be directly engaged with an expert team dedicated to this program, for a full investigation and remediation of the incident. This includes 200 Crypsis IR hours, two months of Expanse and two months of Cortex XDR.

Additional Information

 Blog posts, articles and additional resources can also be found online from trusted sources here:

• “Palo Alto Networks Rapid Response: Navigating the SolarStorm Attack,” an update from Palo Alto Networks CEO Nikesh Arora  
• “Threat Brief: SolarStorm and SUNBURST Customer Coverage,” by Unit 42
• “SUPERNOVA: A Novel .NET Webshell,” by Unit 42
• A breakdown for specific technologies and recommended steps from Unit 42:
  • NGFW
  • Cortex XDR
  • Conclusion
  • XSOAR
  • Github IoC feed from Unit 42
• “Cortex XSOAR for SolarStorm Breach Rapid Response,” by Jane Goh of Palo Alto Networks

More to Explore

Check out these Fuel blog posts for further reading:

• Career Spotlight: From Comic Books to InfoSec
• Cloud Myths You're Probably Falling for Right Now: Shared Responsibility
• How I Did It: PA-220 Lab Upgrade to PAN-OS 10
• Cloud Myths You’re Probably Falling for Right Now: IaaS, PaaS and SaaS