PREPARING FOR THE NEXT “SOLARWINDS” EVENT
TLP WHITE
Health-ISAC / AHA Threat Intelligence
STRATEGIC THREAT INTELLIGENCE: PREPARING FOR THE NEXT “SOLARWINDS” EVENT
Health-ISAC, in cooperation with the American Hospital Association, has published the report Strategic Threat Intelligence: Preparing for the Next “SolarWinds” Event, which focuses on the key characteristics that contribute to many enterprise network compromises, including the recent SolarWinds Orion incident.
The paper is meant for all audiences, non-technical and technical. It presents strategic-level decision elements that senior leaders, including C-Suite Executives, can use to understand the risks involved with certain enterprise IT systems in their network environment. It also gives IT and information security teams detailed technical analysis, with tactical mitigations and recommendations to help address immediate concerns. For our technical audience, this paper presents a detailed analysis of the characteristics that allowed the SolarWinds incident to affect multiple industries, organizations, and systems.
The ability to extract the characteristics and features of SolarWinds could allow organizations to predict and hopefully prevent the next “SolarWinds”-like event in their enterprise environments.
Key topics from the report include:
- Executive Summary
- SolarWinds – Characteristics that made the attack possible
- Other examples from the past
  - HP OpenView (2009)
  - WannaCry (2017)
  - Petya and NotPetya (2017)
  - SAP Solution Manager (SolMan) (2021)
- Technical Recommendations
- Recommendations from Health-ISAC and AHA
- Resources