SolarWinds: Supply Chain Attack

What’s Happened? 

A large and highly sophisticated supply chain cyberattack, recently discovered in the US and allegedly perpetrated by an adversary nation-state, used a compromised build of the Orion business software from the US-based IT management software firm SolarWinds. It was aimed at the US government, its agencies and several private companies. It is now likely to become a global cyberattack as companies around the world continue to analyse their exposure and the extent of the compromise.

How did it Happen? 

This global intrusion campaign involved the attackers compromising SolarWinds' infrastructure through the sequence of events below:

  • The attackers gained access to elevated credentials through vulnerable source code in SolarWinds' Orion Platform. The Orion Platform is used by US federal agencies and many Fortune 500 companies to monitor the health of their IT networks.
  • Once inside the network, the attacker acquired administrative permissions to forge trusted SAML tokens, impersonate any of the organization's existing users and accounts, and make API calls with the permissions assigned to that application.
  • The attackers then used this access to distribute trojanized software updates to SolarWinds customers. The trojanized component, called SUNBURST, is digitally signed and contains a backdoor that communicates with third-party servers controlled by the attackers.
  • The backdoor was used to deliver a malware dropper called TEARDROP which, after an initial dormant period, began retrieving and executing commands while masquerading its network traffic to blend in with legitimate SolarWinds activity.
  • To avoid detection, the attackers used temporary file replacement techniques to execute their tools remotely, following a delete-create-execute-delete-create pattern that kept their malware footprint very low during lateral movement.
  • As customers install the counterfeit update, the malware attempts to resolve a Command and Control (C2) domain while mimicking normal SolarWinds API communications, successfully compromising millions of machines across the globe.
  • Hacked networks were seen communicating with a malicious domain name registered through GoDaddy: avsvmcloud[.]com was one of several domains the attackers had set up to control affected systems.

Mitigation Strategy 

FireEye collaborated with GoDaddy and Microsoft to deactivate SUNBURST infections. The domain seizure was part of a collaborative effort to prevent networks that may have been affected by the compromised SolarWinds software update from communicating with the attackers.

Control of the domain was transferred to Microsoft and the domain was reconfigured to act as a "killswitch" that prevents the malware from continuing to operate under some circumstances: depending on the IP address returned when the malware resolves avsvmcloud[.]com, the malware terminates itself and prevents further execution.

The attacker infrastructure leaks its configured hostname in RDP SSL certificates, which is identifiable in internet-wide scan data and therefore helps uncover malicious IP addresses that may be masquerading as the organization.

Examination of SMB logs reveals access to legitimate directories following a delete-create-execute-delete-create pattern within a short amount of time, using variable file names.
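The delete-create-execute-delete-create pattern described in the bullet above and in this SMB log observation can be hunted for in file-share audit logs. The following Python is an added example, not code from the original post or from SolarWinds or FireEye; it runs over a constructed sample log, and the log line format, the 60-second window and the two-cycle threshold are assumptions:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed file-share audit sample (not real telemetry): "<ISO time> <user> <action> <UNC path>"
SAMPLE_LOG = r"""
2020-12-13T02:10:01 svc_orion CREATE \\host1\C$\Windows\Temp\a1b2c3.tmp
2020-12-13T02:10:03 svc_orion EXECUTE \\host1\C$\Windows\Temp\a1b2c3.tmp
2020-12-13T02:10:04 svc_orion DELETE \\host1\C$\Windows\Temp\a1b2c3.tmp
2020-12-13T02:10:06 svc_orion CREATE \\host1\C$\Windows\Temp\x9y8z7.tmp
2020-12-13T02:10:08 svc_orion EXECUTE \\host1\C$\Windows\Temp\x9y8z7.tmp
2020-12-13T02:10:09 svc_orion DELETE \\host1\C$\Windows\Temp\x9y8z7.tmp
2020-12-13T09:00:00 jdoe CREATE \\host2\share\report.docx
2020-12-13T09:30:00 jdoe DELETE \\host2\share\report.docx
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (CREATE|EXECUTE|DELETE) (.+)$")

def parse_events(log_text):
    """Return (time, user, action, directory, filename) tuples; malformed lines are skipped."""
    events = []
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, user, action, path = m.groups()
            directory, _, name = path.rpartition("\\")   # split UNC path at last backslash
            events.append((datetime.fromisoformat(ts), user, action, directory, name))
    return events

def find_temp_file_cycles(events, window=timedelta(seconds=60), min_cycles=2):
    """Map (user, directory) -> file names when at least min_cycles complete
    CREATE->EXECUTE->DELETE cycles on distinct names finish inside one window."""
    by_key = defaultdict(list)
    for ev in sorted(events):                  # chronological order per user/directory
        by_key[(ev[1], ev[3])].append(ev)
    hits = {}
    for key, evs in by_key.items():
        stage, cycles = {}, []                 # per-file progress; completed (time, name)
        for ts, _, action, _, name in evs:
            if action == "CREATE":
                stage[name] = "CREATE"
            elif action == "EXECUTE" and stage.get(name) == "CREATE":
                stage[name] = "EXECUTE"
            elif action == "DELETE" and stage.pop(name, None) == "EXECUTE":
                cycles.append((ts, name))      # full create-execute-delete cycle observed
        for start, _ in cycles:                # any window holding enough distinct names?
            names = {n for t, n in cycles if start <= t <= start + window}
            if len(names) >= min_cycles:
                hits[key] = sorted(names)
                break
    return hits
```

The jdoe lines show why the EXECUTE step matters: a plain create-then-delete of a document is normal user activity and is not flagged.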

SolarWinds issued a security advisory urging its customers to update to version 2020.2 HF 1 of its Orion Platform. It also released an additional hotfix, 2020.2.1 HF 2, for Orion.

Recommendations 

  • Consider mapping the organization's attack surface, since major business partners (Microsoft, CISCO, Intel) were compromised in the supply chain attack.
  • Limit destinations on the edge (DNS, proxy) and think Zero-Trust networking.
  • The Threat Intel team should conduct threat hunts across the length and breadth of the corporate network and prioritize unusual activities logged during volumetric analysis of events.
  • The Sensor Management team should create new SIEM rules based on the signatures released by FireEye, CISA and several public institutions, to alert on matching events and manage the attack surface better.
  • The SOC should continuously monitor for intrusions and log events, with the Incident Response team investigating as required.
  • The Vulnerability Management team should patch SaaS applications regularly to prevent supply chain attacks.
  • Security requirements should be part of the vendor selection process.
