National Cyber Security Centre
NCSC statement on incident affecting FireEye
The latest statement from the NCSC following the reported incident affecting FireEye.
An NCSC Spokesperson yesterday said:
“The NCSC is working closely with FireEye and international partners on this incident.
“Investigations are ongoing, and we are working extensively with partners and stakeholders to assess any U.K. impact.
“The NCSC recommends that organisations read FireEye’s update on their investigation and follow the company’s suggested security mitigations.”
We recommend that organisations ensure any instances of SolarWinds Orion are configured according to the company’s latest guidance and have these instances installed behind firewalls, disabling internet access for the instances, and limiting the ports and connections to only what are critically necessary.
FireEye has published a blog updating on its investigation, which states that the company’s network was breached due to a flaw in the Orion network monitoring product from SolarWinds and provides security mitigations for this flaw. We recommend that organisations read the blog and follow the suggested mitigations where relevant.
We recommend that organisations read SolarWinds’ Security Advisory on this issue for more guidance on mitigations.
Microsoft has published a new blog on this attack outlining the steps that government and the private sector can take to protect themselves from this kind of cyber attack.
Latest News from
National Cyber Security Centre
Joint Advisory: Exploitation of Accellion File Transfer Appliance24/02/2021 15:30:00
Cyber security organisations in the UK, USA, Australia, New Zealand, and Singapore publish advice to defend against malicious cyber actors.
NCSC consolidates advice on secure home learning23/02/2021 13:15:00
Three tailored blogs to help manage remote education technology safely.
UK supports US charges against North Korean cyber actors18/02/2021 11:10:00
Indictment charges individuals with involvement in hacking and fraud conspiracy
Schools recognised by cyber experts for first-rate teaching16/02/2021 11:15:00
14 schools and colleges across the UK are the latest to receive CyberFirst Schools status for their excellent cyber security teaching.
Thousands of girls take on codebreaking puzzles in bid to win UK cyber security crown12/02/2021 14:15:00
The 2021 CyberFirst Girls Competition saw over 6,500 students take part, teams now go through to the online semi-finals in March.
Scottish schoolgirls succeed in UK cyber security competition12/02/2021 12:12:00
Pupils at nine schools in Scotland have been successful in reaching the semi-final stage of the 2021 CyberFirst Girls Competition, run by the NCSC.
New UK Cyber Security Council to be official governing body on training and standards09/02/2021 14:22:00
The government has set up a new independent body to boost career opportunities and professional standards for the UK’s booming cyber security sector.
Cyber innovators help protect UK connected places03/02/2021 11:15:00
The latest NCSC Cyber Accelerator cohort has been announced.