“Another big federal agency has apparently escaped unscathed from the SolarWinds hack.”
“Leaders from the Department of Veterans Affairs told Congress on Thursday they are now confident that none of their data was compromised, even though the company’s Orion system had a prominent presence throughout VA’s IT networks.”
“The platform that Russian government hackers managed to infiltrate with a malicious software update played a huge role in VA networks at the time of the hack, and still does, now that it’s been patched to remove the threat. According to SolarWinds, VA was using ten different instantiations of Orion to monitor all four of its internet gateways and tens of thousands of endpoints across its sprawling IT network.”
“Paul Cunningham, VA’s chief information security officer, said the department’s Orion systems did indeed download and install the automatically-delivered patch that contained the Russian-made backdoor. But he said he is now ‘very confident’ that hackers never managed to make use of it on VA networks before the problem was fixed.”
“’The period of time between when we recognized that we had a problem and the time we were able to bring all of our SolarWinds instances down was about 12 hours. Across this complex environment, that’s really a testament to VA’s capability from an operational perspective,’ he told the House Veterans Affairs Committee Thursday. ‘We installed all of the indicators of compromise, we replayed our NetFlow data looking for any other indicators that would identify that maybe an attacker used those vulnerabilities before we received the indicators, and there was no evidence of that…'”
“But even if VA can breathe a sigh of relief over the specific SolarWinds incident, its overall cybersecurity posture is still fairly weak and not improving quickly enough, according to the agency’s inspector general…” Read the full article here.
Source: Veterans Affairs says no evidence of data loss from SolarWinds hack — By Jared Serbu, May 21, 2021. Federal News Network.
