    Beazley Cyber Insight - SolarWinds

    Over the past year we have seen significant changes to the cyber risk landscape. Ransomware has grown in frequency and severity and extortion demand amounts have risen, resulting in costly business interruption losses. Cyber attacks have no boundaries and are truly a global issue, and all too often they can be avoided with the right IT security and risk management procedures.

    As a leading cyber insurer, we have seen an upward shift in the underlying exposure and more of our clients are in need of our expert advice and support. We have invested in a number of tools to help better identify and correct vulnerabilities and have access to data, expertise and insight to address these risks proactively.

    News that threat actors had succeeded in compromising the popular SolarWinds Orion IT management platform sent shockwaves through the cybersecurity community in December. Many organizations were concerned that their networks may have been exposed, as such sophisticated exploits can have far-reaching effects.

    The aftermath of SolarWinds continues to evolve, with the Cybersecurity and Infrastructure Security Administration (CISA) warning that threat actors were exploiting initial access and moving into Microsoft cloud environments.

    As the frequency and severity of cyber events continue to rise, our goal remains to improve our clients' overall risk management by raising the standards to better detect, prevent and respond to these events. We encourage you to review the following resources and best practices; cyber & tech clients should register for our risk management portal and take advantage of the resources at beazleybreachsolutions.com/cyberinsight.

    On December 13, SolarWinds warned of a highly sophisticated, manual supply chain attack on its widely used IT monitoring and management platform, SolarWinds Orion. Threat actors were able to modify certain SolarWinds software updates to distribute malware. Known as “SUNBURST,” the malware creates a significant vulnerability in the systems of organizations that installed the updates. By exploiting the vulnerability, threat actors can install ransomware or additional malware, steal data from the network, obtain access to network resources, and install backdoors for remote access.

    Secure Microsoft cloud environments

    Early in January, CISA further warned that threat actors were exploiting unauthorized access to on-premises networks, whether obtained through the SolarWinds Orion compromise or through vectors such as phishing, to pivot into Microsoft cloud environments. Tactics include compromising or bypassing identity solutions, using forged authentication tokens, and using privileged access to establish persistence. FireEye has published additional technical guidance and released a tool that organizations can use to audit their Microsoft Azure Active Directory (AD) for indicators related to these attacks.

    Manage supply chain risks

    Even if your clients were not directly affected by the SolarWinds Orion supply chain attack, their vendors and suppliers may have been. Understanding risk requires your clients to undertake effective vendor due diligence. They will want to identify vendors who may be at risk, determine whether their data or IT resources may have been accessed, and vet their vendors going forward.

    Resources
