SECURITY

Splunk’s Response to the SolarWinds Cyberattacks

Since mid-December and throughout the holidays, I’ve been speaking with Splunk customers and our own team about the cyberattacks impacting the SolarWinds Orion software platform. Splunk was not directly affected by this event, but as a leader in security, we want to help the industry by providing tools, guidance and support. It is critical to our entire industry that we work as a community to counter cybersecurity threats and share information about events like these.  

For background, here is a recap of what happened:

  • Sophisticated attackers, who appear to have been working for a foreign government, hid malware in a SolarWinds Orion software update.
  • This malware, associated with the threat campaign called Sunburst, gave the attacker a foothold with SolarWinds Orion customers, allowing them to access additional information and systems. 
  • Confirmed victims include cybersecurity firm FireEye and government agencies, including the U.S. Departments of Treasury, Commerce and Homeland Security. 
  • The attackers leveraged this foothold to steal internal tools that FireEye uses to uncover weaknesses in its customers’ networks.
  • There is a new threat, called Supernova, associated with this attack campaign and the situation continues to develop. We will continue to monitor as such. 
     

Splunk is doing everything we can to assist our customers who use SolarWinds Orion, and share relevant information with the larger community.

  • We’ve created a web page where we have posted and will continue to update useful and relevant information about the attack.
  • We published a blog post that shows customers how to use Splunk to detect the compromised SolarWinds software update in their environment. 
  • We published a message to customers confirming our ongoing support and how to contact us if they suspect they have been affected.
  • We proactively reached out and/or responded to inquiries from customers looking to assess our exposure.
     

We’ve also taken action to better protect Splunk as a business: 

  • The Splunk Security team continually monitors and evaluates security risks reported in the industry and the news. We took immediate action to confirm the safety of our systems and code from the SolarWinds attack.
  • Again, we have found no evidence that our internal Splunk systems have been affected in any way by the SolarWinds attack, because we are not SolarWinds Orion customers.
  • We are continuously monitoring our environment for signs of Sunburst and other malware. 
  • We’ve taken the extra precaution of confirming that all possible patches and security protocols are in place to protect against the stolen FireEye hacking tools. 
     

Repercussions from the SolarWinds attack will continue into 2021. All of us at Splunk remain vigilant and committed to identifying various avenues to assist our customers, partners and industry organizations in their response. Be sure to visit Splunk’s SolarWinds response site for the latest materials and information.

Yassir Abousselham
Posted by

Yassir Abousselham

Yassir Abousselham is the Chief Information Security Officer at Splunk. In this capacity, he oversees the delivery of the cyber security mandate across the organization and supports Splunk customers in bringing data to every question, decision and action within their security programs. Prior to Splunk, Yassir served as Chief Information Security Officer at Okta where he managed the Information Security function and chaired investments to position Okta as a leading security company. Before Okta, Yassir acted as the Chief Information Security Officer for SoFi, in addition to holding various security leadership roles at Google and EY. Yassir is also an active member in the cybersecurity industry, from co-chairing the San Francisco Evanta CISO Summit, to acting as an advisor to cybersecurity startups. Yassir also holds two U.S. patents in trusted network communication.

TAGS

Splunk’s Response to the SolarWinds Cyberattacks

Show All Tags
Show Less Tags

Join the Discussion