Hello there, Techncyber readers,
In today's blog I want to tell you about the biggest cyberattack in the US, one that shocked the whole world, known as the 'SolarWinds Hack'. In this attack the hackers mainly targeted the US government, its agencies and private companies; in fact it is likely a global cyberattack!
We are talking about SolarWinds, a company that sells database performance management solutions to organizations.
What is the 'SolarWinds Hack'?
News of this massive cyberattack first broke on December 8, when FireEye published a blog post about detecting the attack on its own systems. The firm helps several government agencies and big private companies with their security.
CEO Kevin Mandia wrote in a blog post that the company was “attacked by a highly sophisticated threat actor”, calling it a state-sponsored attack, although he did not name Russia. The post said the attack was carried out by a nation “with top-tier offensive capabilities”, and that “the attacker primarily sought information related to certain government customers.” It also said the methods used by the attackers were novel.
This was basically a supply chain ⛓️ attack: the hackers gained access to SolarWinds and created trojanized updates for its software. A legitimate software update was abused to install the 'SunBurst' malware into Orion (Orion has been a dominant SolarWinds product, with clients that include over 33,000 companies), and that update was then installed by 17,000 customers, including government agencies. FireEye says the attackers relied on several techniques to avoid detection. The malware was capable of accessing the main system files. Once installed, it gave the attackers backdoor entry to the files and networks running SolarWinds, and it also evaded the anti-virus software that could have detected it.
SolarWinds, whose stock fell 17% on Monday, said in a financial filing that it sent an advisory to about 33,000 of its Orion customers that might have been affected, though it estimated a smaller number of customers — fewer than 18,000 — had actually installed the compromised product update earlier this year.
FireEye, however, has not yet named Russia as responsible, and said the investigation is ongoing with the FBI, Microsoft, and other key partners who were not named.
What Has SolarWinds Said About The Hack?
Right now, SolarWinds is recommending that all customers immediately update their existing Orion platform to the version that patches this malware.
“If attacker activity is discovered in an environment, we recommend conducting a comprehensive investigation and designing and executing a remediation strategy driven by the investigative findings and details of the impacted environment,” it has said.
Those unable to update are told to isolate “SolarWinds servers”, which should “include blocking all Internet egress from SolarWinds servers”. The bare minimum suggestion is “changing passwords for accounts that have access to SolarWinds servers / infrastructure”.
That's all, hope you guys liked this information.