brendan.mcdevitt.tech/_security/2020-12-17-thoughts-on-solarwinds.markdown
Brendan McDevitt 9755ecb91d fixed typo
2020-12-18 15:30:33 -05:00


---
layout: security
title: "Thoughts on SolarWinds hack"
date: 2020-12-17
categories: security
---
# My thoughts on the SolarWinds hack
## A worst case scenario
What if a threat actor were able to compromise a software product that gives
operators visibility into every system on a network? A network map, if you will, plus host up/down monitoring. Oh, and a centralized store for credentials?
What if the government (and a whole bunch of other companies holding sensitive information) ran this software across most of its infrastructure?
Well, that software was SolarWinds Orion, and it has been owned: a supply-chain compromise that shipped the SUNBURST backdoor inside the vendor's own updates. A nation-state-level attack, believed to be the work of the Russian hacking group [APT29/CozyBear](https://en.wikipedia.org/wiki/Cozy_Bear), is behind the hack. They
have compromised many internal government networks, and work is ongoing to
investigate the damage to companies and government agencies alike.
As I am fairly fresh into a new security research position at [Kenna Security](https://www.kennasecurity.com/),
I want to begin this with the realization that targeted hacking has been going on for years.
Information control is everything in the world today, and the United States
intelligence agencies have built the systems to capture and collect
enormous amounts of data. Those systems will always be a target for foreign nation states.
Compromised systems will need to be rebuilt from scratch, and before that happens they need to be
forensically imaged/copied and analyzed by incident response teams and really, really skilled hackers and programmers,
both to track the nation-state hackers' footprints and to rebuild things in a much more secure manner.
Everybody in this space who is responsible for securing
infrastructure needs to keep a paranoid mindset and understand the
reality of the world we are in today. SolarWinds will not be the last
example of this as the future unfolds.
### Source list:
- [FireEye Advisory](https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html)
- [DHS Emergency Directive](https://cyber.dhs.gov/ed/21-01/)
- [CISA Alert AA20-352A](https://us-cert.cisa.gov/ncas/alerts/aa20-352a)