As you have likely heard in the news, a major supply chain attack recently took place against software tech firm SolarWinds (Security Advisory | SolarWinds). This attack was likely conducted by an outside nation-state, Russia, and intended to be a narrow, extremely targeted, and manually executed event, as opposed to a broad, system-wide attack. The attack was distributed by malware known as SUNBURST. The compromise was used to target cybersecurity firms as well as many U.S. government agencies.
Premier One takes the security of our products, our clients, and data very seriously, so we are happy to report that we have no reason to believe that any of our systems or our clients’ systems are involved or impacted. The compromise has taken place due to a vulnerability in a product called SolarWinds Orion, which is a network management system commonly used by governments and large enterprise. Neither Premier One nor our clients utilize the Orion product in any capacity.
Despite there being no direct impact to your organization or our own, please communicate to your staff to heighten their awareness to ongoing cyber security concerns and always take a cautious approach when conducting transactions online, including:
1. Watch for unusual requests in emails. If any request is unexpected, reach out to the other party by phone to double check before proceeding.
2. Look for the telltale signs of malicious emails. Fraudulent emails can be hard to spot, so make sure to examine the full “From” name and address and hover over any links to ensure they are not directing you to a site you are not familiar with.
3. If anything seems out of place or odd in an online transaction or communication, or if you realize you may inadvertently provided information to a malicious party, immediately contact your supervisor to discuss. Time can be of the essence to prevent a security incident from materializing.
Stay safe and Happy Holidays!