Despite recent cyber-attacks at some of the world’s largest organizations, it is business as usual in the CPI data center. In December, at least 200 organizations around the world were affected by the attacks. CPI is not one of them.
The cyberattacks that led to the federal breaches that also affected many organizations in the private sector have been attributed to known Russian intelligence hacking suspects, Berserk Bear & Cozy Bear. The attacks exploited software from at least three major U.S. companies: VMware, SolarWinds, and Microsoft.
According to Reuters and msn.com, a supply chain attack on Microsoft cloud services provided one way for the attackers to breach their victims, depending upon whether the victims had bought those services through a reseller.
A supply chain attack on SolarWinds’s Orion software, widely used in government and industry, provided another avenue, if the victim used that software, according to Slate and the Washington Post.
Per securityweek.com, flaws in Microsoft and VMWare products allowed the attackers to access emails and other documents, which led to federated authentication across victim resources via their single sign-on infrastructure.
Vulnerabilities in VMware Access and VMware Identity Manager, allowed existing network impostors to pivot and gain permanence, according to Bloomberg. CPI does not utilize VMware Access or VMware Identity products, so this did not affect CPI’s virtualization stack.
Understandably, our customers have expressed some concerns and have inquired if any of these hacks have affected CPI business, the CPI data center, or any customers housed or connected to the CPI data center. We are happy to report that CPI’s answer is a resounding NO. Here are some questions we are happy to address:
1. Has CPI been impacted by the recent cyberattacks or outages?
Answer: No
2. What is the nature of the impact to CPI as a result of the cyberattacks and outages?
Answer: The cyber-attacks have had no impact to our network, IT operations, or security products.
3. Does it affect critical services delivered to clients?
Answer: No
4. Does CPI have an incident investigation and response plan in place?
Answer: The incidents did not require implementation of the measures proscribed in the policy.
5. Who is a point of contact who can answer additional queries?
Answer: CPI has a dedicated security team that is happy to answer any questions. Feel free to contact CPI support center.
6. Has CPI amended existing controls, or implemented new controls to resolve and mitigate the impact the cyber-attack has had on the business?
Answer: CPI is awaiting investigation findings and disclosure of the supply-chain attacks and will implement any additional best practices that may come out of the discovery.
7. If controls are unable to be implemented, is the organization able to implement compensating controls or methods to avoid future cyber-attacks?
Answer: CPI will continue to implement business best practice to avoid any cyber-attack.
Additionally, Google also experienced a significant outage in December. On December 14th, Google announced “Today, (Monday) at 3:47AM PT Google experienced an authentication system outage for approximately 45 minutes due to an internal storage quota issue. Services requiring users to log in experienced high error rates during this period…” The Google services affected were YouTube, Google Meet, Hangouts, Google Maps, Google Docs, Google Drive and Google Calendar. Although CPI utilizes all these services, it had no effect on our regular business practices.
CPI’s security team is well-informed and equipped to remain vigilant and dynamically prepared for any attacks. Our CJIS compliant and Nlets audited Tier III+ data center remains secure and will continue to get security upgrades to hardware and software as necessary.
For more on CPI’s Software as a Service housed in CPI’s data center, please visit https://www.openfox.com/products/saas-hosting/
