layout | title | date | categories |
---|---|---|---|
security | Thoughts on SolarWinds hack | 2020-12-17 | security |
My thoughts on the SolarWinds hack
A worst-case scenario
What if a threat actor were able to compromise a software product that gives operators insight into the systems that live on a network? A network map, if you will, along with host up/down checking. Oh, and a centralized storage place for credentials? What if the government (and a whole bunch of other companies with sensitive information) ran this software across a lot of its infrastructure?
Well, that software was SolarWinds, and it has been owned. This is a nation-state-level attack, and the Russian hacking group APT29/Cozy Bear is believed to be behind it. The attackers have compromised many internal government networks, and work is ongoing to assess the damage to companies and government agencies alike.
As I am fairly fresh into a new security research position at Kenna Security, I want to begin this with a realization: targeted hacking has been going on for years. As a civilian, I have limited insight into the true nature of the intelligence operations that are constantly occurring across both the civilian/corporate internet and militarized networks. But I still understand that this is something that is constantly occurring, and it is one of the prime motivators for me to start learning about this space. I wanted to understand how the world works, and who controls the computers that control everything.
Information control is everything in the world today, and the United States intelligence agencies have developed the systems to capture and collect a whole bunch of data. Those systems will always be a target for foreign nation-states. Compromised systems need to be forensically imaged/copied and analyzed by incident response teams and really, really skilled hackers and programmers, both to track the nation-state hackers' footprints and to rebuild things from scratch in a much more secure manner.
I will be doing my best to start to better track down threat actors around the internet. Everybody in this space who is responsible for securing infrastructure needs to always have a paranoid mindset and understand the reality of the world we are in today. SolarWinds will not be the last example of this as the future continues to unfold.