“He said, ‘Essentially, we’ve decompiled your code. We found malicious code,’ ” Brown said. “So they could then say, ‘OK, we’re going to go after this dot gov target or whatever,’ ” Meyers said. “I think later it became clear that there were a lot of government technology companies being targeted.” For decades, there had been an urban myth that kids couldn’t eat any Halloween candy before checking the wrapper seal because bad people might have put razor blades inside.
Access rights should be re-validated continuously rather than granted once, which is what zero trust network access (ZTNA) tooling is meant to enforce. No matter how secure you believe your systems are, an attacker only needs one foothold, so technologies such as a software-defined perimeter and microsegmentation are worth deploying to keep visibility over every component of your supply chain. CISA directed all SolarWinds users who had installed one of the affected Orion updates to assume that their systems and networks were compromised and to operate on that basis. SolarWinds, for its part, promptly shipped a patched Orion release with the malicious code removed.
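The two post-advisory steps in the paragraph above, as an added example that is not part of the original article and not tooling from SolarWinds or CISA: flag every inventory host running a build inside an advisory's affected version range (the "assume compromised" population), then check those hosts' observed egress against a default-deny allowlist for their network segment (the microsegmentation idea). The product name, version bounds, hosts, flow records and allowlist are all constructed placeholders; real affected builds come from the vendor's and CISA's advisories, not from this code.

```python
"""Added example, not code from the article, SolarWinds or CISA.

Two post-advisory steps:
  1. assume_compromised(): which inventory hosts run a build inside the
     advisory's affected version range, and so must be treated as compromised;
  2. flows_needing_review(): which egress flows from those hosts fall outside
     the allowlist for their network segment (default deny).

All data below (product name "Orion", version bounds, hosts, flows, allowlist)
is CONSTRUCTED for illustration; take real bounds from the vendor advisory.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    product: str
    version: str   # e.g. "2.1.0-HF5"
    segment: str   # network segment the host lives in


def parse_version(v: str) -> tuple:
    """'2.1.0-HF5' -> ((2, 1, 0), 5); an absent hotfix suffix sorts as HF0.
    Tuples compare element-wise, so the base version is compared before the hotfix."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-HF(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    base = tuple(int(x) for x in m.group(1).split("."))
    return (base, int(m.group(2) or 0))


# Assumed affected range per product, inclusive at both ends (placeholder values).
ASSUMED_AFFECTED = {
    "Orion": (parse_version("2.1.0-HF5"), parse_version("2.3.1-HF1")),
}


def is_affected(host: Host) -> bool:
    bounds = ASSUMED_AFFECTED.get(host.product)
    if bounds is None:
        return False
    lo, hi = bounds
    return lo <= parse_version(host.version) <= hi


def assume_compromised(hosts):
    """Hosts that installed an affected build; each is to be treated as compromised."""
    return [h for h in hosts if is_affected(h)]


# Per-segment egress allowlist: (destination network, destination port).
SEGMENT_EGRESS = {
    "mgmt": {("10.0.0.0/8", 443), ("10.0.5.53/32", 53)},  # internal only
    "dmz": {("0.0.0.0/0", 443)},
}


def flows_needing_review(flagged, flows, allowlist=SEGMENT_EGRESS):
    """Flows (src_host, dst_ip, dst_port) from flagged hosts whose destination
    is outside the segment's allowlist. An unknown segment allows nothing."""
    segment_of = {h.name: h.segment for h in flagged}
    suspicious = []
    for src, dst, port in flows:
        if src not in segment_of:
            continue  # only hosts in the assume-compromised set are in scope
        dst_ip = ipaddress.ip_address(dst)
        allowed = any(
            port == p and dst_ip in ipaddress.ip_network(net)
            for net, p in allowlist.get(segment_of[src], ())
        )
        if not allowed:
            suspicious.append((src, dst, port))
    return suspicious


# Constructed inventory and flow records.
HOSTS = [
    Host("orion01", "Orion", "2.2.0", "mgmt"),      # inside the assumed range
    Host("orion02", "Orion", "2.4.0", "mgmt"),      # patched, above the range
    Host("orion03", "Orion", "2.1.0-HF5", "mgmt"),  # exactly the lower bound
    Host("orion04", "Orion", "2.1.0-HF4", "mgmt"),  # one hotfix below it
    Host("web01", "Nginx", "1.18.0", "dmz"),        # not in the advisory
]
FLOWS = [
    ("orion01", "10.0.5.53", 53),       # DNS to the internal resolver: allowed
    ("orion01", "203.0.113.7", 443),    # HTTPS to an external host: review
    ("orion02", "203.0.113.7", 443),    # patched host: out of scope here
    ("orion03", "10.20.30.40", 443),    # internal HTTPS: allowed
]

if __name__ == "__main__":
    flagged = assume_compromised(HOSTS)
    print("treat as compromised:", [h.name for h in flagged])
    for flow in flows_needing_review(flagged, FLOWS):
        print("review egress:", flow)
```

The version comparison is deliberately tuple-based so that a hotfix level is only compared once the base version matches, and the allowlist lookup falls back to an empty set so a host in an unmapped segment gets no implicit permissions.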
The second came three months later, when a California-based cybersecurity company called Palo Alto Networks discovered a malicious backdoor that seemed to emanate from the Orion software. In that case, according to SolarWinds’ Ramakrishna, the security teams at SolarWinds and Palo Alto worked together for three months to try to pick up the thread of the problem and walk it back. “None of us could pinpoint a supply chain attack at that point,” Ramakrishna told NPR. “The ticket got closed as a result of that. If we had the benefit of hindsight, we could have traced it back” to the hack. The hackers had also reverse-engineered the way Orion communicated with its servers and built their own commands that mimicked Orion’s syntax and formats, so the malicious traffic blended in with the legitimate.
This little encrypted strip, Meyers thought, might help them figure out who was behind the attack. Mandia had a security briefing a short time later, and everything he heard reminded him of his previous work in the military. “I spent from 1996 to 1998 responding to what I would equate to the Russian Foreign Intelligence Service, and there were some indicators in the first briefing that were consistent with my experience in the Air Force.” “The SVR has a pretty good understanding that the NSA is looking out,” Krebs said.
That’s one of the key reasons SolarWinds decided to go public, Ramakrishna said. A Biden administration official told reporters during a background briefing Thursday that one reason the White House responded so strongly to the SolarWinds attack is because these kinds of hacks put an undue burden on private companies. Mandia envisions a review board for significant incidents where intelligence is gathered and the nation finds a way to defend itself appropriately. Right now, the onus is on private companies to do all the investigations.
After breaking into victims’ networks through a trojanized update to Orion, the IT-management software from SolarWinds, the intruders used Microsoft’s directory and authentication service, Active Directory, and its Office 365 productivity suite (email, chat and other tools) to spy on them. Microsoft’s products were therefore among the tools the hackers used to spy on major corporations and the highest levels of the US government. SolarWinds itself disclosed in an SEC filing that its own Office 365 tools were compromised, and The New York Times reported that the US Treasury Department’s Microsoft email system was compromised as part of the hack. Last week Microsoft, itself a hacking victim, disclosed that the intruders had been able to view its internal source code. UBS analysts nonetheless predict that the SolarWinds hack will spur more businesses to invest in cloud computing and security software, two of Microsoft’s strengths. “Microsoft might even benefit,” the note continued, as customers react by buying additional security tools from the company or moving away from old or on-premise software in favor of Azure’s cloud.