SolarWinds Breach: What you need to know

SolarWinds, a popular IT security vendor with 300,000 global customers (including many small to medium size businesses and their Managed Service Providers), has suffered a major compromise.
If your organization uses the SolarWinds Orion Platform, READ ON. If you’re not sure, ask someone in your organization that does.
Even if you don’t use the SolarWinds Orion Platform, one of your business partners may be among the 18,000 organizations potentially affected by this breach. 

SolarWinds, a popular IT security vendor with 300,000 global customers (including many small to medium size businesses and their Managed Service Providers), has suffered a major compromise.
If your organization uses the SolarWinds Orion Platform, READ ON. If you’re not sure, ask someone in your organization that does.
Even if you don’t use the SolarWinds Orion Platform, one of your business partners may be among the 18,000 organizations potentially affected by this breach. 

We strongly recommend you contact all business partners with whom you share sensitive business information or allow access into your IT environment to ensure that, if they use the affected platforms, they are taking the recommended actions below.

If you are allowing an affected partner access into your IT environment, we recommend disabling that access until the issue has been remediated.

Indeed, the Cybersecurity and Infrastructure Security Agency (CISA) has advised everyone that uses the SolarWinds Orion monitoring software to assume they’ve been “compromised by threat actors and assume that further persistence mechanisms have been deployed.”

What Happened?
The compromise allowed hackers to inject malicious code into legitimate software released by SolarWinds for its Orion platform, a suite of network management tools.

This malicious code is a backdoor that communicates with command-and-control servers operated by a malicious third party.

This supply chain attack has been connected with the recent FireEye and U.S. Department of Homeland Security (DHS) hacks.

Affected organizations may have been compromised by malicious hackers as early as May 2020.

What/Who is Affected?
The compromised platforms are SolarWinds® Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1.

The known affected products for these Orion Platforms are:

  • Application Centric Monitor (ACM)
  • Database Performance Analyzer Integration Module*(DPAIM*)
  • Enterprise Operations Console (EOC)
  • High Availability (HA)
  • IP Address Manager (IPAM)
  • Log Analyzer (LA)
  • Network Automation Manager (NAM)
  • Network Configuration Manager (NCM)
  • Network Operations Manager (NOM)
  • Network Performance Monitor (NPM)
  • NetFlow Traffic Analyzer (NTA)
  • Server & Application Monitor (SAM)
  • Server Configuration Monitor (SCM)
  • Storage Resource Monitor (SRM)
  • User Device Tracker (UDT)
  • Virtualization Manager (VMAN)
  • VoIP & Network Quality Manager (VNQM)
  • Web Performance Monitor (WPM)

SolarWinds said Orion update versions 2019.4 through 2020.2.1 (released between March 2020 and June 2020) also contain the malware.
If your organization uses any of the affected Orion affected platforms/products, we recommend you immediately investigate what versions you are running and take the below steps.

What to Do 
Affected organizations should immediately power down or disconnect from their network SolarWinds Orion products, versions 2019.4 through 2020.2.1 HF1.

SolarWinds recommends the following immediate actions.

  • All customers with any of the above affected products for Orion Platform v2020.2 with no hotfix or 2020.2 HF 1 to upgrade to Orion Platform version 2020.2.1 HF 2 as soon as possible. This version is available here.
  • SolarWinds asks customers with any of the below products listed as known affected for Orion Platform v2019.4 HF 5 to update to 2019.4 HF 6, which is available for download here.
  • The hotfix release 2020.2.1 HF 2 is now available in the SolarWinds Customer Portal at
  • All customers should update to release 2020.2.1 HF 2, as this release replaces the compromised component and provides several additional security enhancements.

If you cannot upgrade immediately, SolarWinds recommends installing your Orion Platform behind firewalls, disabling internet access for the Orion Platform, and limiting the ports and connections to only what is necessary. For more information, read SolarWinds Orion Platform best practices configurations and the entire SolarWinds security advisory.

Cyber Tips, Tech

Happy Thanksgiving! Stay Safe With Our 5 Simple Cyber Tips!

We wish you all the best over the holiday season!

As Black Friday approaches, more people are shopping online than ever before, and consequently, scams and cyber-crime are skyrocketing. 

We would like to share our five useful tips to help identify and avoid cyber scams over the holidays.  

Any last minute submissions? We have underwriters working as usual over the holiday period so don’t hesitate to get in touch. 

Feel free to download and share!

Want more? Drop us an email, we would love to share our creative content with you. 

Node Chats

Node Chats: Raising Cyber Ethical Kids

“If kids have unfettered, unsupervised use of these smart devices, they’re playing in a global village.”

Cyberman365 edition! This episode we are changing it up with an episode centred around personal cyber risks your family may face.

Neil Gurnhill talks to Frederick Lane, attorney and author of multiple books on cybersafety, digital misconduct and personal privacy, about keeping your family safe in the digital age in the sixth episode of Node Chats.

Your podcast for all things cybersecurity brought to you by Node International, specialists in cyber insurance.

Watch the full episode here:

Cyber Threat Alert, Tech

Top Five Cyber Threats 2020

Where should you focus your cybersecurity efforts?

These top five threats are a good place to start:

Don’t let phishing scare you, this is an easily avoided cyber threat avoided by changing bad habits, learn more about it in our article here.

Ransomware worries? Discover personalised methods of attack to watch out for and everything else you need to know here.

Keep an eye out for the rest of our in-depth articles covering all five cyber threats individually.


Phishing, our biggest online threat to remote workers

Phishing is when you receive an email that tricks you into clicking on a link to a fraudulent website and then sharing private information, or opening a malicious attachment on your phone, tablet or computer.

If you trust the link you could be giving away your user names, passwords, Social Security numbers, bank details or installing malware, like viruses, spyware or ransomware on your device and at work you could be handing over access to your company and all their sensitive data.

Phishing is the top cybercrime in the US. In 2019, the FBI reported that it had claimed nearly 115,000 victims with victim losses at $57.8 million, an average of $507 per victim. 

Spotting the phishing attack

Don’t get complacent, the top branded security software (e.g. Norton, Bitdefender etc) are very good at taking out phishing emails before they hit your inbox. But, it’s a false sense of security as some still get through. In fact, in your personal life and as an employee, the next 100 emails you receive, possibly three or four will be phishing scam emails.

The most important golden rule. Change your mindset. Don’t trust emails and don’t click on a link in an email. I’m purposefully, stressing this as the golden rule, even though you think it to be too onerous and impractical. Nonetheless, for the next seven days examine every email (see tips below) and learn to change your mindset and start spotting phishing attempts. The extra time you spend on examining your inbox will build your confidence and you will feel much more confident about email management.

The only time you can trust an email is if it comes from an email address you recognise and the email doesn’t seem out of the ordinary. Even here, if it contains an attachment don’t click on it yet.

Make sure you double check the email address and not just the name. Give the sender a call if you are unsure. Malware is commonly passed between compromised emails accounts so even if the email address is correct that doesn’t mean someone else isn’t sending fraudulent emails from their account.

How to check for the signs of phishing. There are five signs:

  1. Poor grammar. As far as the US is concerned, most cyber criminals are based in overseas countries such as Russia, North Korea, Eastern Europe, China and Iran. For the majority, US English is a foreign language. They make spelling errors (although they have improved significantly in recent years) and make grammatical errors (much harder to improve upon). In fact, as you read the email you will make an on-the-spot judgement – this is well written, this is poorly written. If it is poorly written be wary.
  2. Suspicious logo. If the email is topped with the logo of a known trusted business or government department, then check it against the official website with a quick Google. False logos can have washed out colours, faded edges or imprecise proportions. In effect, it could be a poor copy and paste job. 
  3. Check the URL. Imagine you receive an email from NETFLIX containing a link. If you hover over the link (DON’T CLICK!) a small display will appear containing plus suffices. You’ve validated the email that it is from NETFLIX. Job done. Imagine it reported or then DO NOT click on the link. It’s false and belongs to a cybercriminal. In fact, any errors, whether spelling or design is a warning. Be super-cautious.
  4. Check the greeting. On my domestic accounts very rarely do I receive the greetings, ‘Dear customer’, ‘Dear subscriber’, ‘Dear friend’ or the more informal,’ Hi customer’, ‘Hi subscriber’. They say, ‘Dear Neil’ or ‘Hi Neil’. This is how customer-orientated domestic businesses tend to interact with their customers. Foreign cybercriminals make mistake ‘out-of-culture’ errors on greetings and/or sign offs. 
  5. Attachments. Legitimate companies don’t send attachments that you didn’t ask for and also would not request sensitive information via email.

If all are followed with the instruction to click on the link to learn more and/or correct the problem. Be super-cautious.


Ransomware 101 – An evolving threat

What is ransomware?

Ransomware is a digital crime where your computer files are ‘stolen’ and encrypted, blocking you from your computer. To gain access to your files you usually have to pay a ransom, normally in bitcoin. 

It takes an average of 3 seconds after clicking an infected link for ransomware to start encrypting your files at lightning speed according to Arctic Wolf Networks.

There are three steps:

  1. You receive a phishing email containing the ransomware link.
  2. The victim clicks on an infected link, the ransomware is delivered and starts encrypting files. 
  3. A screenshot will then appear on your screen announcing the ransomware infection, how much the ransom is and how it’s to be delivered to the criminal.

Whatever, the screenshot wording says, the message is GOTCHA!

Who are the victims?

Ransomware is an international phenomenon. Although the majority of cases are heavily focused in the US.

53% of Ransomware detections came from the US in June 2018 – 2019

Canada receives 10% and the UK 9% following the trend of targeting English speaking countries according to Malwarebytes’ global detection statistics.

46% of SMBs have been targeted by ransomware, 73% have paid the ransom.

Shocking figures from Infrascale, highlighting that smaller sized businesses are certainly not targeted less because of their size.

The History of Ransomware

Ransomware has changed its nature in the last few years. About ten years ago, ransomware was a simple scam based on fake antivirus apps leading to a payment to ‘fix’ the problem. 

Then, the fashion changed to ‘blockers’ or ‘lockers’ that locked the user out of their computers asking for payment to be unlocked. 

Now, the fashion is for ‘crypto-ransomware’ that not only locks you out of your files but also encrypts your files. You will likely have to pay a ‘ransom’ in bitcoins to get your files back.

Bitcoin has significantly increased the success and profitability of ransomware of criminals. By using a bitcoin ‘wallet’ for each attack, then moving these wallets through chains of wallets, the movement of money is outside the traditional financial system and anonymous.


Crypto-ransomware is very effective. It generally uses unbreakable encryption and if the user has no file backups then the only solution may be to pay the ransom. 

Even if you pay you may not get your files back – don’t forget you are dealing with anonymous criminals!

The near-majority of people pay the ransom. However, a significant minority of payers do not get their files restored or the restoration instructions are not complete or do not work.

The cost is also rising dramatically according to the Coveware Q2 Ransomware Marketplace Report and this trend is what we expect to continue seeing.

The average ransom payment increased by 184% from Q1 to Q2 this year, nearly tripling the cost from $12,762 to $36,295

How are ransomware attacks delivered?

Spam campaigns hit millions of users daily. Just 0.001% of these spams finding a victim still means high profits to the criminals.

A click-rate of only 0.001% (and lower) is still very profitable to the criminal – they sent out 10m spam emails. At 0.001% click-through rate, that’s over $100,000 of ransom returns!

The most common way of infection is by a person(s) simply clicking on a link in a botnet-delivered email. Some of these emails will be categorised as spam and others deleted by the recipient, however, the criminal plans on these deletions. 

Ransomware criminals are now becoming more expert, innovative and audacious with their tactics.

They are finding ways to stay out of the spam folder to increase their click rate by creating more believable personalised campaigns with a higher ransom cost.

Personalised methods of attack to watch out for

1.) Social media

The newer trend is to ‘personalise’ the email using data from social media sites. The criminal collects data from sites like Facebook or LinkedIn and searches for potential candidates. 

Or, they may buy or hire email lists of individuals in a certain target industry and/or profession. Sure, the criminal is spending time and money but they will get a higher click-through rate.

On a much-reduced spam email volume, they might net $250,000 or more.

2.) Impersonation of the government or a business

Further variations are emails from well-known organizations such as a delivery note from UPS, an alert from the IRS (Internal Revenue Service), a family post on social media and so on. 

3.) Downloads

These infections depend on spam emails getting through. A more reliable method for criminals is to get the recipient to download an infected work-relevant file containing a macro, which in turn delivers the ransomware. 

Within the download is a macro that may initiate the ransomware at a later date.

As the criminals say ‘‘job done’’, and then they wait to receive their $250,000 returns. 

4.) Exploit kits

Another mechanism, now becoming more common, is the trend of ‘exploit kits’. Typically, these are fake notifications to update a piece of software from a reputable software supplier, such as JavaScript or Adobe Flash. 

Although seemingly reliable as a source, the download leads to the ransomware being installed. 

5.) Iframes

Further variations are ‘iframes’ installed on web servers and the web pages on the server. The ’iframe’ directs website visitors to the exploit server, which downloads the ransomware. Variations are particularly harmful. For example, an advert placed on a popular website is an advert that directs to the exploit kit. 


Simply put, it’s based on one inadvertent and simple action. Someone clicks on an infected link on an email and/or website – stop this and you stop ransomware.

We understand that it’s not always that clear cut which is why we provide educational materials to our insureds and educational content to our followers in the hope that we can contribute to the creation of a cyber-risk aware world.

Node Chats

Node Chats – Are you weakest or strongest link?

We’re back with another episode of Node Chats, your podcast for all things cybersecurity.

Neil Gurnhill talks to Gabriel Friedlander, Founder of Wizer, about citizen cyber training in the second episode of Node Chats.

We cover remote job scams, how to teach your children to stay safe online and much more.

“You really have to educate people if you want to have a chance in fighting cyber crime.”

Gabriel Friedlander, Founder of Wizer

Wizer is a full security awareness platform with 1-minute videos, phishing simulation and gamification. Offering both free and optional paid add-ons for the community and employees alike.

Here are some quick tips on how to be cyber smart:

  • Use antivirus software.
  • Update your devices when needed.
  • Start questioning links, never click on a link you don’t trust.
  • Always use strong passwords— characters, numbers and letters.
  • Be careful what personal information you share, particularly on social media.
  • Teach children not to post or share personal information such as their photograph, address or age.

If you prefer just audio, make sure to check us out on other platforms:

Hit the follow button to be the first to know about the latest cybersecurity news.

If you’d still like to know more, comment or drop us a message, we’d love to hear what you think.


Cyberman365 is live!

We are very excited to be welcoming our first clients onto Cyberman365!

We strongly believe everyone should have the opportunity to improve and secure their digital wellbeing, and now you can!

Cyberman365 IDNotify – What is it?!

PROTECT your identity and so much more with our comprehensive monitoring of your personal data, whether financial, medical or social.

ALERT receive instant alerts via text or email if your data is used fraudulently.

RESOLVE with our ID Restoration and Insurance coverage when you need it most.

Some of our favourite features:
– Lost Wallet Protection
– Social Media Monitoring
– Dark Web Monitoring

Cyberman365 HomeSafe – What is it?!

PROTECT – Our system will simulate possible cyber attacks allowing us to uncover vulnerable access points for the connected devices in your home. HomeSafe monitors 24/7 for potential cyber threats.

ALERT – We will provide step by step instructions for you to improve your home network to further reduce your chances of a cyber incident.

RESOLVE – In the event of a security incident an expert human response team is on hand to take over the network and stop the attack. If damaged, HomeSafe will restore your device, network and data.

Our favourite feature has got to be how it finds vulnerable access points and tells you how to fix them at home! No additional costs or experts needed.

After months of hard work, we can’t wait to hear what you think about our service and hope you love it as much as we do.

Check out our brand new website:
If you have any questions, drop us a message.

Node Chats

Node Chat Podcast Launches!

We are proud to announce the launch of Node Chats, your podcast for all things cybersecurity.

Neil Gurnhill kicks us off with a hot topic, inviting David Kruse, Director of Business Development at Tetra Defense, to discuss the evolving nature of ransomware.

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.

A new organisation will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021. (Source: Cyber Security Ventures)

This is a current, very real issue that affects large companies, small business and the everyday person.

Learn how to spot early signs that ransomware is on your network before encryption.

David talks about the factors that can influence early detection such as the level of information security systems that your company has in place to flag the invasion and the quality and skill of the person who compromised that network.

If you have a hacker that’s just a bull in a china shop and hasn’t quite figured out how to be more stealthy, you’ll see indicators of compromise all over the place.

David Kruse, Director of Business Development at Tetra Defense

Listen to the podcast for answers on everything ransomware, drop us a comment if you have any more questions and we’ll be happy to get back to you.

Don’t forget to subscribe to Node Chats and be the first to know about the latest cybersecurity news.

Find us on:


Business Activity Risk Profiling vs Scaremongering Will Increase Your Cyber Insurance uptake

The key to engaging with a potential client to discuss and provide cyber-risk insurance is to approach the discussions from their real business activities’ needs rather than any generalised knowledge they have gleaned from recent cyber-security threats or events reported in the national broadcast and newspaper media.

For example, most retail brokers engage too early in conversations about ‘hacking’, ‘denial of service’, ‘phishing’ and ‘social engineering’ and such like. As important as these topics are, it can often lead to a conclusion that the potential client has not been directly affected by these matters to date, therefore, they don’t need cover. Don’t forget the basic premise of insurance – it provides security for the future!

Our extensive experience at Node International, particularly in the USA and Europe, clearly tells us that the correct, and more successful, approach is to start with an evaluation of the potential client’s business activities.

For examples, each of these activities has a cyber-risk profile so even though the potential client has not dealt with (say) a denial of service attack, the fact that over 80% of their business depends upon an ecommerce website highlights the substantial cyber-risk. Or they are highly dependent on a supply chain and/or contractor, of which they know little about their cyber-risk policies, again highlighting their potential cyber-risk through the failures of others.

Taking this business activities profiling approach is a very logical systematic approach that engages the potential client. It is also quite simple to conduct. Start with a conversation about ‘mapping’ the high priority business activities and start introducing the question, ‘’What happens if…’’ Think of it as an ‘heat map’ of the business. When viewed overall, the client then sees the totality of cyber-risk they face. Then, the most effective cover can be assessed and priced accordingly.

It’s important not to think of early conversations as ‘selling cyber-insurance’ but providing an expert and value-added service to the clients. It is likely that they know very little about cyber-security and cyber-risk so building up the ‘heat map’ though sensible discussion helps the client. Nowadays, ‘helping the client to buy’ is far more effective than ‘selling’.

This is where Node International scores highly. As a wholesale broker and underwriter at Lloyds of London you can tap into our expertise and assistance. For example, by talking to one of our brokers before you go and see a client could help you tremendously. Even if you have never used Node International before, our brokers and underwriters are here to help you build your business.

Finally, lets step back a little. In the last two decades there has been a huge increase in businesses that are now dependent upon their technologies and digital capability. And, of course, the constant threat scenarios they face each day. From our experience, literally 99% of modern businesses (from small to large across all sectors) face at least one cyber-risk in their ‘heat map’. In effect, every business call you make is a potential satisfied client providing you approach it correctly and have a ‘value-added service’ at the forefront of your mind. As mentioned before, we can assist you with this essential skill.

1 2 3 4
Recent Comments
    About Node International

    We provide leading comprehensive insurance coverage combined with essential cybersecurity prevention and detection tools.

    Related Links
    Cyber Insurance Newsletter

    Interested in Cyber Insurance?

    Privacy Settings
    We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
    Consent to display content from Youtube
    Consent to display content from Vimeo
    Google Maps
    Consent to display content from Google
    Consent to display content from Spotify
    Sound Cloud
    Consent to display content from Sound