NCSC statement on incident affecting FireEye

14 Dec 2020 01:54 PM

The latest statement from the NCSC following the reported incident affecting FireEye.

Image of an antivirus alert on a desktop computer

An NCSC Spokesperson yesterday said:

“The NCSC is working closely with FireEye and international partners on this incident.

“Investigations are ongoing, and we are working extensively with partners and stakeholders to assess any U.K. impact.

“The NCSC recommends that organisations read FireEye’s update on their investigation and follow the company’s suggested security mitigations.”

Further information

We recommend that organisations ensure any instances of SolarWinds Orion are configured according to the company’s latest guidance and have these instances installed behind firewalls, disabling internet access for the instances, and limiting the ports and connections to only what are critically necessary.

FireEye has published a blog updating on its investigation, which states that the company’s network was breached due to a flaw in the Orion network monitoring product from SolarWinds and provides security mitigations for this flaw. We recommend that organisations read the blog and follow the suggested mitigations where relevant.

We recommend that organisations read SolarWinds’ Security Advisory on this issue for more guidance on mitigations.

Microsoft has published a new blog on this attack outlining the steps that government and the private sector can take to protect themselves from this kind of cyber attack.