The SolarWinds supply chain attack has rocked the business world, stirring a whirlwind of supply chain security evaluations. The pernicious effects of the SolarWinds cyberattack (which is likely to take months to fully comprehend) reveals an uncomfortable truth causing stakeholders globally to reconsider their business model - vendors introduce a significant security risk to an organization.

Software supply chain attacks are back in the news. Last week, security researcher Alex Birsan executed a novel attack against Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, and Uber by leveraging a design flaw in automated build and installation tools. Along with the recent SolarWinds breach, this most recent attack is renewing attention on software supply chain security.

While cybersecurity is a major concern for all tech-enabled businesses, it is more so for the supply chain where hand-off happens from raw materials to delivery of a product or service. All the functional areas are potential touchpoints where cyber-attacks can happen.

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week we are exploring the concept of supply chain cybersecurity in a time when there is a rising number of third-party cyberattacks.

In December 2020, the U.S government announced that it fell victim to what is believed to be the largest security breach in the nation's history. The breach occurred through an innocuous IT update from the Government's network monitoring vendor, SolarWinds. This monumental breach exposes a novel and powerful method of clandestinely penetrating even the most sophisticated security defenses through third-party vendors - supply chain attacks.

Following the attack on FireEye, the US Department of Homeland Security (DHS) has issued an Emergency Directive (ED) regarding a backdoor being exploited in SolarWinds Orion products, versions 2019.4 through 2020.2.1 (inclusive). Based on file signatures, FireEye considered this campaign to have started around March 2020, potentially affecting up to 18,000 organization worldwide.

The global security community recently learned of a supply chain attack against SolarWinds via their Orion® Platform. In this blog we are providing recommendations for Sumo Logic customers to gain a deeper understanding of how to utilize available Indicators of Compromise (IOCs) within our Cloud SIEM offerings to determine your exposure to the attack. Additionally, we’re sharing targeted search recommendations from our Sumo Logic Special Operations (or SpecOps) threat hunting team.