SolarWinds Sunburst attack

Well, on the bright side, the SolarWinds Sunburst attack will spur the cybersecurity field to evolve all over again

SolarWinds releases known attack timeline but new data suggests hackers may have done a dummy run last year

Trump administration says Russia behind SolarWinds hack. Trump himself begs to differ

This is the best summary I’ve seen so far:

the Guardian – 23 Dec 20

The US has suffered a massive cyberbreach. It’s hard to overstate how bad it…

This is a security failure of enormous proportions – and a wake-up call. The US must rethink its cybersecurity protocols

Although updates continue to come in:

U.S. – 24 Dec 20

Suspected Russian hackers used Microsoft vendors to breach customers

The suspected Russian hackers behind the worst U.S. cyber attack in years leveraged reseller access to Microsoft Corp services to penetrate targets that had no compromised network software from SolarWinds Corp, investigators said.

My oh-so-humble opinion on this one is that there is no substitute for knowing your s**t. Outsource at your own risk, because this is war, and the bad guys are playing to kill.

Sounds like the rats are in every corner of the ship… :roll_eyes:

Microsoft Internal Solorigate Investigation Update
MSRC / By MSRC Team / December 31, 2020 / Investigation, SolarWinds, Solorigate

We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.

SolarWinds mess that flared in the holidays: Biz confirms malware targeted crocked Orion product

U.S. intelligence agencies say Russia likely behind hacking of government agencies

[…]
The lawsuit also points out that SolarWinds’ update server was at one time only protected by the insanely bad password solarwinds123, which was not a great indication of security being taken seriously.
[…]

US courts system fears SolarWinds snafu could have let state hackers poke about in sealed case documents

The SolarWinds hack exposed sealed US court documents – which could have a serious effect on Western sanctions against state-backed hackers.
[…]

SolarWinds takes a leaf out of Zoom’s book, hires A-Team of Stamos and Krebs to sort out its security woes

[…]
On Friday the news broke that Chris Krebs, formerly the head of the US government’s Cybersecurity and Infrastructure Security Agency (CISA) until he was fired by presidential tweet for saying the American election wasn’t hacked, has started a consultancy with former Facebook and Yahoo! security chief Alex Stamos. The two say that they have already been hired by SolarWinds and it’s a long-term contract.
[…]

https://www.schneier.com/blog/archives/2021/01/injecting-a-backdoor-into-solarwinds-orion.html

So the Bad Guys got right into the compile chain at SolarWinds… tricky…

This, of course, reminds many of us of Ken Thompson’s thought experiment from his 1984 Turing Award lecture, “Reflections on Trusting Trust.”

Yup… it gets worse… :cn:

https://www.reuters.com/article/us-cyber-solarwinds-china-idUSKBN2A22K8

While the alleged Russian hackers penetrated deep into SolarWinds network and hid a “back door” in Orion software updates which were then sent to customers, the suspected Chinese group exploited a separate bug in Orion’s code to help spread across networks they had already compromised, the sources said.

…via…

https://www.schneier.com/blog/archives/2021/02/another-solarwinds-orion-hack.html

Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack

[…]
If anyone understands the havoc 1,000 developers can create, it’s Microsoft.
[…]

So, what I want to see is an immediate decision from Canada’s Privacy Commissioner that anyone who has had SolarWinds on their system is in breach of Canada’s PIPEDA laws. Ditto the GDPR. How is it that you use a piece of software which, aside from the immediate breach of security it represents, could have been used to stash back doors in your systems, and still call yourself in any way “compliant”?

Our school board got hit by a ransomware attack last month. Guess what? They used SolarWinds… My bet is that we see a lot more of this.

If we don’t, then the criminals have really let their game slip…

Microsoft president asks Congress to force private-sector orgs to admit when they’ve been hacked
