10 network security tips in response to the SolarWinds hack
#1
Quote: Cybersecurity experts are calling the attack on the SolarWinds Orion network management platform one of the most serious hacks on U.S. government networks and many large company data infrastructures. The attack, revealed in December 2020, had network professionals scrambling to mitigate the effects of the pervasive breach.

The supply chain attack has affected several federal government agencies, including the departments of commerce, energy and homeland security. News of the hack forced major public companies, including Cisco Systems and Microsoft, to ratchet up their network analysis activities to identify and mitigate the anomaly before it could disrupt operations.

Soon after the hack was revealed, SolarWinds announced updates to its Orion platform, which was hacked by malware called Supernova. According to SolarWinds' investigation, the malware could be deployed by exploiting a vulnerability in the Orion platform. Approximately 18,000 customers were affected by the breach. In response to the SolarWinds hack, these firms need to deploy the Orion updates and carefully examine all aspects of their networks to identify where the malware might have launched.

Supernova malware explained
According to a SolarWinds security advisory, "SUPERNOVA is not malicious code. ... It is malware that is separately placed on a server that requires unauthorized access to a customer's network and is designed to appear to be part of a SolarWinds product."

The vendor noted that the malware has two components. "The first was a malicious, unsigned webshell .dll 'app_web_logoimagehandler.ashx.b6031896.dll' specifically written to be used on the SolarWinds Orion Platform. The second is the utilization of a vulnerability in the Orion Platform to enable deployment of the malicious code."

Investigators researching the malware attack identified a backdoor called Sunburst, which enabled hackers to receive reports on infected computers. The hackers then used this data to target systems they identified for further exploitation.

Investigators found the backdoor code was similar to another widely used hacking tool called Kazuar. They surmised Kazuar was used in many previous attacks on public and private organizations and may have been a trigger to launch the previously dormant malware residing in target systems.

Lessons learned and next steps
The Orion platform is popular and used worldwide -- and was clearly a target for highly experienced hackers. Among the lessons learned from the SolarWinds hack is that security software is not completely perfect and should be considered a potential cyber attack entry point.

Continue reading HERE