More and more companies are putting out press releases saying that they have found malware in their networks because of the recent SolarWinds supply chain attack. Just today Microsoft admitted they were in the same boat, but no customer data seems to have left the building.
"Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed," a Microsoft spokesperson said, adding that the company had found "no indications that our systems were used to attack others." They did identify 40+ other victims.
Several of our customers have called and asked about KnowBe4, so I'd like to confirm: we are not a SolarWinds Orion customer, we are not running any of their products, and we never have.
This is one bad hack, people; it's probably the worst one ever. The hackers bypassed a popular multi-factor authentication (MFA) solution. The attack involved the hackers accessing compromised endpoints and servers involved in the MFA authentication process. They had complete control of multiple involved servers and used that access to undermine the MFA solution.
Roger Grimes remarked: "No defense is perfect. Everything can be hacked. And in some cases, MFA can be hacked easier than a login name and password. In most cases, a traditional-looking phishing email can bypass your MFA solution like it wasn’t even there. See this example video by KnowBe4’s Chief Hacking Officer, Kevin Mitnick here. It demonstrates one of the most common forms of MFA bypass, session hijacking, which has been around for decades, and yet most people who see it for the first time are shocked by it."
If you think that you will not suffer a data breach simply because you are using MFA, you might end up like SolarWinds and a thousand other companies that have learned this lesson the hard way. Train all employees and get your security culture to the next level.
Here is a short FAQ:
- Do we use SolarWinds products? No
- Have we ever used SolarWinds products? No
- Are any of our key third parties / vendors affected by this SolarWinds hack in a way that would affect KnowBe4 or our customers? No
- Have we assessed the risk of the FireEye breach of their red team tools? Yes, it was determined it does not affect us.
- Does KnowBe4 have an incident response plan in place? Yes
- Is KnowBe4 more vulnerable because of this hack/breach? No
- Does KnowBe4 have a vendor management / third party risk management process? Yes