These attacks centered around compromised user credentials, weak password management policies, and endpoints without advanced protection. Cybercriminals gained access to user passwords and were able to easily compromise accounts.
Based on early reports, these attacks weren’t overly sophisticated—they could have been prevented with fundamental cyberhygiene practices. For starters:
- Enforce multifactor authentication (MFA) as a policy: These days, there’s simply no excuse to skip MFA. This is particularly true for high-risk employees and high-risk systems. This extra step can, in many cases, help to prevent unauthorized access.
- Enforce a strong password policy: The basics here apply—set strong requirements for passwords and encourage your customers to avoid re-using passwords across accounts. One of the easiest ways to do this is to get a corporate password manager to help make it easy for users to create and use strong, unique passwords. Additionally, a solution like SolarWinds® Passportal + Documentation Manager can help you grant and revoke access as needed and more easily enforce strong password rules across your customers and your own MSP business.
- Use advanced endpoint protection: One of the problems with this attack is that the attackers wormed their way in using remote desktop protocol (RDP). Because RDP is a legitimate, built-in Windows component, logons and activity over it won’t necessarily be flagged by traditional security solutions like antivirus. Advanced endpoint protection solutions like SolarWinds® Endpoint Detection and Response (EDR), powered by SentinelOne, use artificial intelligence and machine learning to detect anomalous behavior at the endpoint. If someone gets in via RDP and starts doing damage like deleting files in bulk, changing the system registry, modifying user account privileges, or reaching out to download a ransomware file, SolarWinds EDR is designed to discover and flag this (and help you prevent it).
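As an added illustration (not SolarWinds or SentinelOne code, and not a substitute for an EDR product), the following Python script applies the pattern described above to constructed Windows Security-style records: a burst of failed logons before a successful RDP logon, a local-group membership change after it, and bulk file deletions after it. The flat record field names are a simplified assumption of this example, and the event IDs (4625, 4624 with logon type 10, 4732, 4663) are the standard Windows Security audit IDs.

```python
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10  # Event 4624 with LogonType 10 = RemoteInteractive (RDP)

def make_sample_events():
    """Constructed Windows-Security-style records (not real telemetry).
    Field names are a simplified assumption of this example."""
    base = datetime(2020, 5, 1, 2, 0, 0)
    ev = []
    # Eight failed logons (4625) from one address, then a successful RDP logon (4624).
    for i in range(8):
        ev.append({"time": base + timedelta(seconds=5 * i), "id": 4625,
                   "user": "jsmith", "src": "203.0.113.7"})
    ev.append({"time": base + timedelta(seconds=45), "id": 4624,
               "logon_type": RDP_LOGON_TYPE, "user": "jsmith", "src": "203.0.113.7"})
    # Then a local-group change (4732) and a burst of file deletions (4663 DELETE).
    ev.append({"time": base + timedelta(minutes=2), "id": 4732,
               "user": "jsmith", "group": "Administrators"})
    for i in range(30):
        ev.append({"time": base + timedelta(minutes=3, seconds=i), "id": 4663,
                   "user": "jsmith", "access": "DELETE", "object": f"C:\\Share\\doc{i}.docx"})
    # Benign control: an RDP logon by another user with no preceding failures.
    ev.append({"time": base + timedelta(hours=6), "id": 4624,
               "logon_type": RDP_LOGON_TYPE, "user": "admin2", "src": "10.0.0.5"})
    return ev

def analyze(events, fail_threshold=5, pre_window=timedelta(minutes=10),
            post_window=timedelta(minutes=30), delete_threshold=20):
    """Return alert strings for RDP logons preceded by a burst of failures
    (credential guessing) or followed by privilege or bulk-delete activity."""
    events = sorted(events, key=lambda e: e["time"])
    alerts = []
    for i, e in enumerate(events):
        if e["id"] != 4624 or e.get("logon_type") != RDP_LOGON_TYPE:
            continue
        t, user, src = e["time"], e["user"], e["src"]
        fails = sum(1 for f in events[:i] if f["id"] == 4625
                    and f["src"] == src and t - f["time"] <= pre_window)
        if fails >= fail_threshold:
            alerts.append(f"rdp-after-{fails}-failures user={user} src={src}")
        later = [f for f in events[i + 1:]
                 if f["user"] == user and f["time"] - t <= post_window]
        if any(f["id"] == 4732 for f in later):
            alerts.append(f"group-membership-change-after-rdp user={user}")
        deletes = sum(1 for f in later if f["id"] == 4663 and f.get("access") == "DELETE")
        if deletes >= delete_threshold:
            alerts.append(f"bulk-delete-after-rdp user={user} count={deletes}")
    return alerts
```

Running `analyze(make_sample_events())` raises three alerts for the jsmith session and none for the benign admin2 logon; the thresholds and windows are tunable to a customer's baseline.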