December 18, 2020
SolarWinds Breach Announcement
On December 13th news broke of a significant security breach at SolarWinds. Since that time Bankers’ Bank has been assessing any potential risks to Bankers’ Bank and our clients. Bankers’ Bank does not use the SolarWinds solution and it does not exist on our infrastructure. In addition, we are actively communicating with our critical vendors to identify any that may use the SolarWinds solution and assess any risk that may create in their environments. To date we have identified a small number of vendors that use the SolarWinds solution, none have identified any known active risk. Bankers’ Bank will continue to work with our vendors and send updated notifications regarding any relevant risk information that is gathered.
Who is SolarWinds?
SolarWinds is an American company that develops software to help businesses manage their networks, systems and information technology infrastructure[1]
What is the SolarWinds Breach?
Pulled from Solarwind’s website: SolarWinds was the victim of a cyberattack to our systems that inserted a vulnerability (SUNBURST) within our Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run.[2] See the full advisory; https://www.solarwinds.com/securityadvisory.
We have noted that various regulatory agencies, state and federal, have commented on the severity of this breach and the criticality of mitigating any associated risk. The language has been strongly worded around ensuring immediate review and action to be taken by financial institutions to determine any internal and vendor risk that may be present due to the breach.
Bankers’ Bank is committed to cyber security and have an active risk management program that includes network monitoring and patching, vendor management, and business continuity planning and testing. We will continue to evaluate and monitor the situation and communicate as new information becomes available. If you have any questions, please reach out to your Correspondent Banker.
[1] Wikipedia