It has been several weeks since the Federal Government announced the massive breach utilizing software from SolarWinds. The hack stemmed from malware injected into government networks through a network and performance monitoring product. Soon thereafter, SolarWinds itself announced that up to 18,000 customers of its software platform had been impacted by software patches that were tainted by the alleged Russian hacker group behind the attack, CozyBear.

How Can One Hack Impact More Than 18,000 Organizations?

SolarWinds Orion is a software platform that relies on agent software being installed on servers, network devices, and other infrastructure to monitor and report on performance and other issues. This software is a valuable ally to system administrators tasked with doing more with less and preventing infrastructure failures. Unfortunately, because of the nature of the software (it has to be installed on a high number of machines), a hack like this provides access to countless devices across entire enterprises. As a result, it will be difficult to find the hackers and prevent them from exfiltrating (stealing) information from the networks. Today, many organizations are trying to pick up the pieces, determine whether they have "bad actors" in their networks, and figure out how to remediate the damage that this supply chain hack has done to their business.

UNCOMN partner Nick Powers explained the situation to Michael Calhoun on the KMOX Total Information AM news show in December.

The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive 21-01, which is intended to guide Federal agencies through mitigation strategies that include:

– Disconnecting or powering down SolarWinds Orion products (v2019.4-v2020.2.1).
– Blocking all traffic to and from the hosts where any version of SolarWinds Orion has been installed.
– Identifying and removing all threat-actor controlled accounts.

Where to Find Technical Descriptions of the Breach

FireEye, one of the global leaders in detecting and hunting cybercriminals and one of the many victims of the SolarWinds breach, has offered the following advice via their blog:

– Check logs for SMB sessions that show access to legitimate directories and follow a delete-create-execute-delete-create pattern in a short amount of time.
– Look for single systems making connections using different accounts.

See the FireEye blog post for significantly more technical explanations of how the malware gets installed, what other malware is deployed once a system is breached, and how to detect traffic patterns in your network that indicate you have been hacked.

It is important to know that although the hackers used a malware package called "Sunburst", once they are inside a network they deploy multiple different malware tools to secure a foothold. This means that although you might clean up one area that you believed to have the infection, chances are there are other infections that need to be dealt with. Even more nefarious, this hack most likely started in March / April 2020 as software patches from SolarWinds rolled out to their customers, giving the attackers a 6 – 8 month head start on any remediation work. This threat should be taken with all seriousness. If you use SolarWinds products, it is important to take immediate action to ascertain the impact on your business and begin remediation activities immediately.

What Can Be Done to Protect Impacted Businesses?

UNCOMN is here to help you and your company through this uncertainty. Email to schedule a free cybersecurity review with our Cyber Response Team.
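FireEye's two log-hunting tips above (the delete-create-execute-delete-create sequence on a remote share, and one host connecting with several accounts) as an added Python example that is not from FireEye's blog or this post. It assumes a simple constructed audit-line format of `timestamp host account action path`; the sample lines are invented, not from any real incident.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample SMB audit lines (not from any real incident), in the assumed format:
# "<ISO timestamp> <source host> <account> <action> <remote path>"
SAMPLE_LOG = r"""
2020-12-14T10:00:01 ws17 alice delete \\srv01\ADMIN$\svc.exe
2020-12-14T10:00:05 ws17 alice create \\srv01\ADMIN$\svc.exe
2020-12-14T10:00:09 ws17 alice execute \\srv01\ADMIN$\svc.exe
2020-12-14T10:00:40 ws17 alice delete \\srv01\ADMIN$\svc.exe
2020-12-14T10:00:44 ws17 svc_backup create \\srv01\ADMIN$\svc.exe
2020-12-14T10:02:00 ws22 bob create \\srv01\ADMIN$\report.txt
2020-12-14T11:30:00 ws22 bob execute \\srv01\ADMIN$\report.txt
"""

# The action sequence FireEye describes for a tool being dropped, run and replaced on a share.
PATTERN = ["delete", "create", "execute", "delete", "create"]

def parse(log_text):
    """Parse the assumed log format into (timestamp, host, account, action, path) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, account, action, path = line.split(maxsplit=4)
        events.append((datetime.fromisoformat(ts), host, account, action.lower(), path))
    return events

def find_drop_execute_pattern(events, window=timedelta(minutes=10)):
    """Return (host, path, first_ts, last_ts) for each in-order occurrence of PATTERN on the
    same source host and remote path whose first and last events fall within `window`."""
    by_key = defaultdict(list)
    for ts, host, _account, action, path in events:
        by_key[(host, path)].append((ts, action))
    hits = []
    n = len(PATTERN)
    for (host, path), evs in by_key.items():
        evs.sort()  # order by timestamp before looking for the sequence
        for i in range(len(evs) - n + 1):
            chunk = evs[i:i + n]
            if [a for _, a in chunk] == PATTERN and chunk[-1][0] - chunk[0][0] <= window:
                hits.append((host, path, chunk[0][0], chunk[-1][0]))
    return hits

def hosts_using_multiple_accounts(events, min_accounts=2):
    """Map each source host to the sorted accounts it used; keep hosts with min_accounts or more."""
    accounts = defaultdict(set)
    for _ts, host, account, _action, _path in events:
        accounts[host].add(account)
    return {h: sorted(a) for h, a in accounts.items() if len(a) >= min_accounts}

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("drop/execute sequences:", find_drop_execute_pattern(evs))
    print("hosts with multiple accounts:", hosts_using_multiple_accounts(evs))
```

The time window and the "same host and path" grouping are tuning choices; a real hunt would map the actions from whatever SMB or file-audit telemetry the environment actually produces.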