specialfert.blogg.se

Malwarebytes solarwinds azure

You don’t have to work in cybersecurity to be aware of the recent discovery that a sophisticated state actor had potentially compromised tens of thousands of private companies and government institutions in the Americas, Europe, and the Middle East. The means was a software supply-chain attack: attackers breached the software distribution infrastructure of tech vendor SolarWinds, embedding malware in its popular Orion network management tool. When customers downloaded the latest Orion product update, the malware surreptitiously spread throughout their organizations, in many cases finding and forwarding sensitive data to external servers controlled by the attackers.

The attack used many ingenious techniques to evade detection by its victims’ IT operations monitoring tools and cybersecurity countermeasures, masquerading its malicious tools, utilities, and network usage as legitimate processes and traffic. The sophistication, long arc of the attack (believed to have begun in October 2019 and only discovered with a bit of luck in December 2020), and the requisite skills, commitment to success, and funding necessary to carry it out classify it as an Advanced Persistent Threat (APT) attack of the kind that is generally only carried out by hostile national intelligence agencies (in this case, allegedly Russia’s Foreign Intelligence Service).

Now comes news that SolarWinds was not the only victim of this APT. Cybersecurity vendor Malwarebytes disclosed earlier this week that it had also been victimized by the same threat actor behind the SolarWinds attack, though via a different threat vector: it exploited certain applications with privileged access to Microsoft 365 and Azure environments. Malwarebytes asserts that only a limited number of its internal company emails were stolen and that its own software repository had not been corrupted. (Earlier disclosures by vendors that believed they had been targeted by the same APT include Microsoft and cybersecurity firms FireEye and CrowdStrike, though the latter claims the attack failed to penetrate its network.)

If the SolarWinds APT missed you, don’t get cocky

The SolarWinds attack represents a leap forward in APTs conducted against private enterprises and government organizations in its scale, scope, and sophistication. No private business, public institution, tech vendor, or service provider should be laughing or pointing fingers at the initial victims of the attack, or at the members of their software supply chain that were also compromised as a result.

The fact is that any state actor that is determined to mount an APT attack on you will eventually succeed.

Most companies only invest in security defenses in anticipation of attacks by cybercriminals, and hope that their countermeasures will be good enough to persuade attackers to move on and assail other, more vulnerable targets. That “good-enough security” baseline does not pass muster with state actors mounting APTs: they have comparatively unlimited resources, skills, time, and patience. Should they set their sights on you, most of the time they will eventually succeed.

In light of this dire fact, what can you do to at least reduce your risk of being victimized by a similar attack, one that could cause great harm to your reputation if you become a conduit to pass the malware on to your partners and customers? Here are a few recommendations:

First, tend to your own backyard by renewing your commitment to building a multi-layered, defense-in-depth security architecture. Consider following an open security framework like NIST 800-171 or ISO/IEC 27001 to help work through various potential risks, identify your softest spots, and shore up those defenses.

Next, evaluate your vendors and service providers as a potential source of risk to you. Consider that any weak link in your software supply chain, as SolarWinds proved to be to its customers, is a potential avenue to the theft or destruction of your sensitive data. (Acronis will soon publish an e-book with recommendations on this very topic.)













