HAUPPAUGE, NY – As news of the SolarWinds hack rocks the cyber security community, some companies have taken it upon themselves to provide new tools to combat cybercriminals. The New York-based Stetson Cybergroup is sharing a script via GitHub that can download the YARA rules created by FireEye to detect indicators of compromise (IoCs).
“As soon as we heard about the breach and the potential impact, we immediately started working on a specific tool to run internally to detect the indications of compromise, or IoCs, on our network and the clients we serve.”
The SolarWinds breach exposed thousands of clients in sensitive industries including Fortune 500 companies and government agencies. Among those who have acknowledged a data breach are the U.S. departments of Treasury and Commerce. SolarWinds claims that 18,000 of its 300,000 customers had downloaded the malicious code into updated versions of Orion, a network safety tool.
Stetson Director of Cybersecurity Operations Joe Wagner cautioned,
“With an exploit in the wild like this, everyone should have access to a quick and easy way to determine if they have been compromised. We need to stop the bleeding. We need to find out how deep this got into our infrastructure, to make sure it is contained.”
The Stetson Cybergroup will continually update its detection tool with any new IoCs that are discovered. For more information and links to the Stetson Cybergroup’s downloads, go to SolarWindsIoCScanner.