One of the biggest hacks of 2020

December 13, 2020 Video Bytes Leave a comment 382 Views

Date: 13^th December 2020

Severity: High

Headlines: SolarWinds Hack concluded as one of the biggest targeted attack against US Govt. & it’s agencies which has also impacted the private companies.

FireEye, a cyber security firm, initially discovered this global supply chain attack which weaponized the software update associated with SolarWinds Orion in order to distribute a backdoor known as SUNBURST.

Once the update is downloaded, the backdoor lies dormant for 12 to 14 days and post that, it runs in the environment where it can stay in stealth mode without getting detected.

Backdoor uses multiple blocklists to identify forensic and anti-virus tools running as processes, services, and drivers. Backdoor has the ability to execute files, transfer files, profile the system, reboot the machine, and disable system services.

According to SolarWinds, more than 18,000 customers might be the potential victim; further as per FireEye update, 50 of the 18,000 organizations confirmed to has installed malicious SolarWinds Orion code into their network were “genuinely impacted” by the campaign.

As per the report, attack also compromised Microsoft 365 accounts of SolarWinds.

Later, 11 days after revealing this major breach, SolarWinds has updated its flagship Orion software.

CrowdStrike in one report mentioned that Sunburst hack also tried to breach its systems earlier this year, firm said it was alerted by Microsoft on 15th December where attempt of attack was failed.

That is it for now about SolarWinds hack, research continues and more to come on the modus operandi of this hack.

Recommendation:

Considering today’s evolving threat landscape and attack vectors which abuses the route of your trusted source, a stronger and coordinated response is important alongside all the technical defenses; You must ensure:

Your security framework clearly defines a strong and coordinated response strategy with due responsibility, action plan, escalation and communications.
Testing of Incident response plan are being done on a defined periodic frequency to check its effectiveness and area of improvement.
Patch Management should include scanning for abnormalities aside to effective Testing and Rollback mechanism.
Aside to deployment of Next-generation security solution at all the layer of Infrastructure, ensure you have the right solution for orchestration, analytics and correlations of all the logs and events for anomaly detection.

“Zero Trust is not a product. It is a philosophy and a model.” – Zoe Lindsey

WhitehatGuru

One of the biggest hacks of 2020

Related Articles

Check Also

More than 3,00,000 Spotify accounts hacked

Leave a Reply Cancel reply

Thwarting XSS!

Online Safety: Things to Do & Things to Avoid

Understanding IP datagram – the easy way

Learn to Love your Log files

Cracking wireless Network WEP protection

Hiring for Computer Engineers McKinsey’s way

SpyShredder : Manual Removal Instruction

Orkut has banned you fool! The administrators didn’t write this program guess who did?

Microsoft Updates:Fix Nine Security Holes

Manually Removing MyDoom/W32/W32.Novarg.A-mm

Data Breach at Canadian financial service firm Desajardins

Thwarting XSS!

Cracking wireless Network WEP protection

Global Meat Processing giant JBS shuts down owing to cyberattacks

The Ghost In The Browser

Facebook, WhatsApp, Instagram apps were down for nearly 6 hours

2 Big eye care providers hit by hackers resulting in Data breach

Man sentenced for 12 years in AT&T ‘Unlocking’ Scheme

Hackers access personal data of 79,400 customers of local mobile operator and internet service provider in Singapore

WhatsApp has been fined with a penalty of 225 million Euros for violating European Union Data protection law