Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week we are exploring the concept of supply chain cybersecurity in a time when there is a rising number of third-party cyberattacks.

In December 2020, the U.S government announced that it fell victim to what is believed to be the largest security breach in the nation's history. The breach occurred through an innocuous IT update from the Government's network monitoring vendor, SolarWinds. This monumental breach exposes a novel and powerful method of clandestinely penetrating even the most sophisticated security defenses through third-party vendors - supply chain attacks.

Following the attack on FireEye, the US Department of Homeland Security (DHS) has issued an Emergency Directive (ED) regarding a backdoor being exploited in SolarWinds Orion products, versions 2019.4 through 2020.2.1 (inclusive). Based on file signatures, FireEye considered this campaign to have started around March 2020, potentially affecting up to 18,000 organization worldwide.

The global security community recently learned of a supply chain attack against SolarWinds via their Orion® Platform. In this blog we are providing recommendations for Sumo Logic customers to gain a deeper understanding of how to utilize available Indicators of Compromise (IOCs) within our Cloud SIEM offerings to determine your exposure to the attack. Additionally, we’re sharing targeted search recommendations from our Sumo Logic Special Operations (or SpecOps) threat hunting team.