A group believed to be Russia's Cozy Bear gained access to government and other systems through a compromised update to SolarWinds' Orion software. Most organizations aren't prepared for this sort of software supply chain attack.
The SolarWinds cyber attack has been explained from the perspective of the vendors affected, but here’s a look at its process, lifecycle, and global impact. How SolarWinds Attack Was Carried Out: The SolarWinds assault was a typical supply chain attack. In these kinds of hacks, the attacke...
A perfect storm may have come together to make SolarWinds such a successful attack vector for the global supply-chain cyberattack discovered this week. Researchers said that includes its use of a default password (“SolarWinds123”) that gave attackers an open door into its software-updating mec...
Last year was dominated by the cyber attack, but the firm has learnt from that experience and has a clear strategy for the future. SolarWinds response team recounts early days of attack: During a webcast, members of the SolarWinds incident response team explained how a lucky...
Software supply chain attacks explained. Fragmented authority: Though I'd argue SolarWinds has much to answer for, it should not have had to defend itself against a state-orchestrated cyber attack on its own. The 2018 National Cyber Strategy describes how supply chain security should work. The govern...
Is that threat group actually Turla? “It is a complex cyberattack platform focused predominantly on diplomatic and government-related targets, particularly in the Middle East, Central and Far East Asia, Europe, North and South America, and former Soviet bloc nations,” according to the firm. ...
UPDATED on December 16: In an emailed statement FireEye formally confirmed a coordinated takedown of the SUNBURST C&C domain, together with Microsoft and GoDaddy. The company explained that what ZDNet sources described as "protective work" was a killswitch mechanism found in the SUNBURST domain that cou...
Even when you've secured your build system to the best of your abilities it's not a sure thing that it's safe. In the long run, Wheeler thinks there's only one true strong countermeasure for this kind of attack: Verified reproducible builds. ...
"We believe our tenant was accessed using one of the TTPs that were published in the CISA alert," Kleczynski explained in a Reddit thread. Malwarebytes said the threat actor added a self-signed certificate with credentials to the principal service account, subsequently using it to make API calls to...
Tuesday, 23 February, saw the first of a series of hearings relating to the SolarWinds cyberattack. Speaking during the three-hour-long hearing in front of the US Senate were representatives from Microsoft, CrowdStrike, FireEye, and SolarWinds, with one notable absence: Amazon. ...