Voyager18 (research)

Fix the Vulnerabilities in the FireEye SolarWinds Hack

How to fix the vulnerabilities targeted by the red team tools used in this FireEye hack.

Rhett | December 15, 2020

Foreign hackers have been using multiple, layered software vulnerabilities to hack into “government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East,” as described in this FireEye blog post. This Vulcan Cyber blog post explains how to fix the vulnerabilities targeted by the red team tools used in the FireEye hack, initiated by the SolarWinds Sunburst advanced persistent threat attack campaign.

FireEye has done the needful and specifically disclosed the vulnerabilities that their red team tools were designed to ethically exploit. All of the vulnerabilities targeted in the FireEye hack have previously been disclosed by their respective vendors and each has a CVE assigned. More importantly, there are fixes, remedies and patches available for each of them, detailed below.

Vulcan Cyber, and the vendors who have previously disclosed these vulnerabilities, strongly encourage all IT security teams to quickly evaluate their risk and exposure to these vulnerabilities, prioritize them, and then “get fix done” as soon as possible. A list of these vulnerabilities is provided below, with recommended remedies linked in the free Vulcan Remedy Cloud library. These vulnerabilities are the foundational attack vector in this scenario, and fixing them should be the first priority in response to this threat.

While not itself counted among the vulnerabilities targeted by the red team tools, the SolarWinds Orion backdoor is the entry point of this campaign, so all SolarWinds Orion customers should quickly update their tools to protect against it by following the instructions in this SolarWinds Security Advisory.

Please also follow the FireEye red team tool countermeasures provided in this blog post and in this FireEye GitHub repo.

A list of CVEs targeted by the FireEye Red Team tools, a brief description of each, its CVSS score, and remedies in Remedy Cloud:

As with most security threats, there are ways to protect your business from hackers and other bad actors, but it takes work and diligence. Vulcan Cyber and FireEye both make tools used by IT security teams to proactively protect digital business from a long list of vulnerabilities and exploits.

Vulcan Cyber makes vulnerability remediation orchestration tools that help teams fix, patch and remedy known vulnerabilities. FireEye makes tools used by corporate red teams, or ethical hackers, to simulate attacks on a company’s people, networks and applications in an effort to measure how well the company can protect itself and withstand an attack from a real-life hacker with bad intentions. If these red team tools get into the hands of actual hackers, it could be a bad situation for companies that have yet to remediate the vulnerabilities those tools exploit.

If your company has diligently stayed on top of high-priority vulnerabilities and remediates known issues in a timely manner, then you probably have nothing to worry about. But a mature vulnerability remediation program is the exception rather than the rule, and most companies fall short in their efforts to patch and secure even the most severe vulnerabilities.

Please consider using Remedy Cloud as a free service to help you and your team efficiently identify and fix these 16 vulnerabilities targeted in the SolarWinds and FireEye hack.
