HCL SW Blogs

Overview

In an announcement on Monday by SolarWinds, our community learned that its Orion software has served as the unwitting conduit for an international cyberespionage operation. SolarWinds reported that hackers inserted malicious code into Orion software updates pushed out to nearly 18,000 customers, activity which may have begun as early as Spring 2020. Although the full extent of the damage is still unknown, breaches have been reported.

Urgent action is necessary

SolarWinds has over 300,000 customers worldwide, and we believe this to be an extremely pervasive threat. Alerts for commercial and governmental organizations related to this event have been issued by SolarWinds, FireEye, SANS, US-CERT, and the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS).

In its latest Emergency Directive, CISA at DHS has identified an intrusion related to SolarWinds Orion products (versions 2019.4 through 2020.2.1 HF1). These versions are currently being exploited, allowing malicious attackers to gain access to network traffic management systems. The Emergency Directive provides detailed actions required by government agencies using the Orion software.

IT and Security teams using BigFix can quickly determine which systems have Orion software installed, detect if compromised versions of Orion are present, and help isolate infected systems. More information about how to detect indicators of compromise using BigFix is provided here: https://forum.bigfix.com/t/dhs-emergency-directive-21-01-solarwinds-thread/36420.

If infected systems are found, DHS is recommending that systems be turned off until forensics are completed, including determining if a breach has occurred. Once completed, DHS is recommending that systems be rebuilt from ISO images. Organizations can prepare for this effort or begin provisioning new systems using established tools such as BigFix Lifecycle. Again, refer to the DHS Emergency Directive to understand the actions required by government agencies and departments. Commercial customers may also refer to Microsoft’s Customer Guidance on Recent Nation-State Cyber Attacks.

How BigFix helps to address this threat now

The global BigFix community is working together to continuously refine the approach to this threat. Follow the latest at https://forum.bigfix.com/t/dhs-emergency-directive-21-01-solarwinds-thread/36420. Working with security professionals across industries, the community has rapidly identified and proven methods for using BigFix to report on SolarWinds installations and vulnerable versions and to detect malicious Indicators of Compromise (IoC) related to this vulnerability. New insights and approaches are being included as the situation unfolds.

Our clients can rest assured that HCLSoftware does not have the compromised versions of SolarWinds Orion in its environment, nor do we know of any HCL contractors or vendors who use SolarWinds Orion. None of the tools used by HCL BigFix have been impacted by the reported breach at SolarWinds or FireEye. As a result, our ability to deliver products and services to our valued customers has not been impacted. We remain vigilant in maintaining data security and securing our systems.

Every day, BigFix provides deep insights into potential exposure or compromise

BigFix is regularly used to provide deeper insights into vulnerabilities and threats and to implement remediations in near real time. BigFix provides methods to immediately identify and detect systems that may be vulnerable, continually analyzes your systems to identify any newly affected systems, provides historical reporting on software installations and removals to help determine the window of exposure, can validate security policies that identify whether and when specific security controls were modified or disabled by an attacker, and can deploy operating systems or image systems to rapidly recover your systems.

For more information about BigFix capabilities, visit www.BigFix.com or contact your HCLSoftware Specialist or your BigFix Technical Advisor.
