Solarwinds Orion Cyber Attack

*UPDATED 17/12/2020

The Fully Managed team has become aware of a security incident that is impacting government departments in the United States. As with all such large security incidents, Fully Managed checks for any impact on our internal systems, or those utilized by our clients.
 
The security incident in question has brought to light a vulnerability in the Solarwinds Orion product.  Fully Managed does not use Solarwinds Orion in any way, including the monitoring or support of any of our clients. We do not believe at this time that any Fully Managed clients are at risk from this security incident but are continuing to monitor the information outlets as new information is released.
 
As a matter of process, Fully Managed continually monitors industry news for security incidents, evaluating each one to ensure we are protecting both our own environment and those of our customers.
 
Should anything change in this evolving story which may result in risk to your own company’s environment, Fully Managed will reach out to you directly. 
 
Fully Managed Clients should reach out to your Account Manager if you have any questions in the meantime.
 
Additional links/information:

• https://www.reuters.com/article/us-usa-solarwinds-cyber-idUSKBN28N0Y7 

• SolarWinds said software updates it released in March and June of this year may have been surreptitiously tampered with in a “highly-sophisticated, targeted and manual supply chain attack by a nation state.” 
  • https://www.reuters.com/article/us-usa-cyber-amazon-com-exclsuive/u-s-treasury-breached-by-hackers-backed-by-foreign-government-sources-idUSKBN28N0PG

• SolarWinds Official Statement: https://www.solarwinds.com/securityadvisory
   

US Cyber Command Directive Statement: https://cyber.dhs.gov/ed/21-01/
 

UPDATE:
From Fully Managed's perspective, nothing has changed in terms of potential impact to our customers - as Fully Managed does not use SolarWinds Orion in any way, including the monitoring or support of any of our clients. We are continuing to monitor the situation however and as a proactive step we will be updating our monitoring tools over the next few days.

What this means to you:
There should be no interruptions or outages on your end during these proactive updates. Again, please note that this is purely a precautionary update and no product that Fully Managed uses with our customers has been affected by the attack. 

As always we strive to be as proactive and transparent about any type of upgrade or threat as we can.  Please don’t hesitate to contact your account manager or Virtual CIO with any questions or concerns you may have.