Date: 13th December 2020
Headlines: The SolarWinds hack is being described as one of the biggest targeted attacks against the US government and its agencies, and it has also affected private companies.
FireEye, a cyber security firm, initially discovered this global supply chain attack, which weaponized a software update for SolarWinds Orion in order to distribute a backdoor known as SUNBURST.
Once the trojanized update is installed, the backdoor lies dormant for 12 to 14 days; after that it becomes active in the environment and operates in a stealthy manner designed to avoid detection.
The backdoor uses multiple blocklists to identify forensic and anti-virus tools running as processes, services, and drivers. It has the ability to execute files, transfer files, profile the system, reboot the machine, and disable system services.
According to SolarWinds, more than 18,000 customers may have installed the malicious update and are potential victims; FireEye later estimated that about 50 of those 18,000 organizations, confirmed to have installed the malicious SolarWinds Orion code on their networks, were "genuinely impacted" by the campaign.
According to the report, the attackers also compromised SolarWinds' Microsoft 365 accounts.
Eleven days after disclosing the breach, SolarWinds released an update to its flagship Orion software.
CrowdStrike reported that the same attackers also attempted to breach its systems earlier this year; the firm said Microsoft alerted it on 15th December and that the attempt failed.
That is it for now on the SolarWinds hack; research continues and more will follow on the modus operandi of this attack.
Given today's evolving threat landscape, in which attack vectors abuse the route of your trusted sources, a strong and coordinated response is as important as the technical defences. You must ensure:
- Your security framework clearly defines a strong and coordinated response strategy, with assigned responsibilities, an action plan, escalation paths and communications.
- The incident response plan is tested at a defined periodic frequency to check its effectiveness and identify areas for improvement.
- Patch management includes scanning updates for abnormalities, alongside effective testing and a rollback mechanism; as this campaign shows, an update from a trusted vendor can itself be the malicious payload.
- Beyond deploying next-generation security solutions at every layer of the infrastructure, ensure you have the right solution for orchestrating, analysing and correlating all logs and events for anomaly detection.
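One concrete form of the "scan updates for abnormalities" recommendation above is a baseline diff: snapshot the install directory before the update, snapshot it again afterwards, and flag every file that is new or changed but does not match a vendor-published manifest of expected hashes. The example below is added here to illustrate that check; it is not code from the original post, from SolarWinds or from FireEye. The directory layout, file contents, manifest and the `demo()` scenario are all constructed for the example, and the file names used carry no relation to real Orion components.

```python
"""Added example: baseline-diff scan of a software install directory after an update.

Assumes a simple model: the vendor publishes a manifest mapping each shipped file
to its SHA-256 digest, and the operator snapshots the install tree before and after
applying the update. Anything new or changed that the manifest does not account for
is reported as 'unexpected' for review. All paths, contents and hashes are constructed.
"""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map every file under root (POSIX-style relative path) to its SHA-256 hex digest."""
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            result[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result


def diff_against_manifest(before: dict, after: dict, manifest: dict) -> dict:
    """Classify the post-update tree relative to the pre-update snapshot.

    'expected'   : new or changed, and the digest matches the vendor manifest
    'unexpected' : new or changed, but absent from or different to the manifest
    'removed'    : present before the update, gone afterwards
    Files whose digest did not change are ignored; the update did not touch them.
    """
    report = {"expected": [], "unexpected": [], "removed": []}
    for rel, digest in after.items():
        if before.get(rel) == digest:
            continue
        if manifest.get(rel) == digest:
            report["expected"].append(rel)
        else:
            report["unexpected"].append(rel)
    report["removed"] = sorted(set(before) - set(after))
    return report


def demo() -> dict:
    """Constructed scenario: one legitimate replacement plus one file the manifest never listed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "Core.dll").write_bytes(b"core v1")       # constructed content
        (root / "bin" / "Plugin.dll").write_bytes(b"plugin v1")   # constructed content
        before = snapshot(root)

        # Simulated update: Core.dll is legitimately replaced, Plugin.dll is untouched,
        # and an extra library appears that the vendor manifest does not account for.
        (root / "bin" / "Core.dll").write_bytes(b"core v2")
        (root / "bin" / "Extra.dll").write_bytes(b"not in manifest")
        after = snapshot(root)

        # Hypothetical vendor manifest for the new version (constructed).
        manifest = {
            "bin/Core.dll": hashlib.sha256(b"core v2").hexdigest(),
            "bin/Plugin.dll": hashlib.sha256(b"plugin v1").hexdigest(),
        }
        return diff_against_manifest(before, after, manifest)


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category}: {files}")
```

In the demo, `bin/Core.dll` is reported as expected, `bin/Extra.dll` as unexpected, and nothing as removed. The caveat a practitioner should keep in mind: this check catches files added or altered outside what the vendor says the update contains, such as tampering in transit or an unrelated drop into the install tree, but it cannot catch a build that was poisoned before the vendor produced its manifest and signature, which is the situation this campaign created. For that case the diff is still useful as a forensic record of exactly which binaries an update changed, while detection has to come from behavioural monitoring and log correlation rather than from trust in the vendor's artefacts.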
“Zero Trust is not a product. It is a philosophy and a model.” – Zoe Lindsey