What has happened?
A serious breach of the SolarWinds Orion Remote Monitoring and Management (RMM) tool by a sophisticated adversary has occurred, resulting in several high profile data breaches. SolarWinds also has another RMM tool called nCentral which we use to provide services to our customers. There is no indication that nCentral has been compromised.
Are Theta’s customers safe?
Approximately 27% of New Zealand businesses that use a Remote Monitoring and Management (RMM) tool use a SolarWinds product of some kind. Indications are that that large security and government organisations that would typically use Orion appear to be the target, at least at this stage. We and our customers should therefore be confident that there is little risk of a similar attack facing us, and hence we should all have confidence that our data, projects and technologies are safe.
What actions has Theta performed to ensure we continue to be safe?
Because it is remotely possible that nCentral is in some way related to Orion, we have taken numerous measures to ensure that our use of this nCentral is not affected by the Orion vulnerabilities, including threat hunting for Indicators of Compromise (IOCs) across our enterprise and our managed customers. We also have additional firewall rules and monitoring in place to detect anomalies associated with attempts to re-use these vulnerabilities by other cyber threat actors.
Because of this attack on Solarwinds, and as a part of our ongoing continuous improvement in cyber security and managed services, we are examining alternatives to SolarWinds to align with our digital strategy as a Microsoft Gold Partner.
What if you are still concerned?
It is possible that this event will be exploited by other opportunistic cyber actors and we are happy to provide advice and guidance on this issue. If you use the SolarWinds Orion product, then we have specialists in incident response and forensics to assist with identifying and containing cyber threats and restoring your business technology.
Keep an eye on our Latest Updates feed for further cyber security announcements.