The recent SolarWinds hack is a fascinating story. The attack had a serious impact on the Connected Health Cybersecurity world, having targeted the US government and affected approximately 250 federal agencies and businesses. In practice, what happened was that software from a vendor (SolarWinds) was breached and modified to do things it was not intended to do. This was done by a group of hackers with the purpose of creating the capability to attack any customer of the SolarWinds company. What makes this attack so interesting is that the breach enabled the hackers to monitor networks within governments and enterprises throughout the globe.

Quick facts about the SolarWinds attack
1. According to Microsoft, the hackers compromised SolarWinds' Orion monitoring and management software, which let them "impersonate any of the organization's existing users and accounts, including highly privileged accounts." Additionally, the hackers were able to "view source code in a number of source code repositories," but the hacked account granting that access did not have permission to modify any code or systems.
2. Microsoft said it discovered its systems were infiltrated "beyond just the presence of malicious SolarWinds code," but that it found "no evidence of access to production services or customer data," and "no indications that our systems were used to attack others."

Companies affected by the SolarWinds Cyberattack
The New York Times is reporting that Russia exploited layers of the supply chain to access the agencies' systems, and that early warning sensors that Cyber Command and the NSA placed inside foreign networks to detect potential attacks appear to have failed.
The massive SolarWinds attack affected a large variety of companies, including Cisco Systems Inc., Intel Corp., Nvidia Corp., Deloitte LLP and VMware Inc. The attackers also accessed the California Department of State Hospitals and Kent State University.

The challenge of stopping breaches in healthcare
Protecting healthcare information is a tough challenge. Fact: 24% of data breaches occur in healthcare.
SolarWinds was well aware of the challenges it faced before it was hacked. But don't take our word for it: have a look at the list of challenges that SolarWinds discussed in a blog post it published itself.

Top 5 IT challenges of securing healthcare according to SolarWinds (pre-hack)
4. Insufficient privileged account management

The SolarWinds breach created serious security issues for government agencies, healthcare organizations and major companies in other industry verticals. Because SolarWinds produces a variety of popular IT infrastructure monitoring solutions, this breach compromised multiple solutions. These monitoring solutions were used by approximately 18,000 companies, including FireEye, where compromised SolarWinds software led to the exfiltration of FireEye's red team tools.

Recommended remediation steps healthcare companies should take
Were you already using or running SolarWinds software within your environment? If you did, here are some recommended remediation steps to take:
1. Assume all accounts used by SolarWinds for monitoring are now compromised.
2. Look for SolarWinds monitoring account usage.
3. Look for C&C traffic associated with the attack.
4. Search for SolarWinds IOCs and other malware or potential indicators of compromise.
5. Take a snapshot or some other form of backup that can be used for later forensics if needed.
6. Network segmentation.

Key lesson: you need the right combination of tech to be protected
There are a number of technologies being employed in this space that should be the baseline minimum today. One is protecting software against tampering, meaning being able to ensure that software released by a company is safe and cannot be modified by third parties and hackers. The second is technologies that enable software signing and are able to validate software that someone has installed. Having the proper combination of signed software and anti-tamper technologies would have prevented the SolarWinds issue. Just think about it: if the proper software had been signed, then it would have been possible for companies around the world to validate that the software was indeed coming from the SolarWinds company, and also to see that it was employing anti-tamper technologies, which ensure that it cannot be modified.
One caveat a practitioner should keep in mind: the trojanized Orion component did carry a valid SolarWinds code signature, because the malicious code was inserted in the build process before the release was signed. A signature proves who released the bytes, not that the build was clean. Signing therefore delivers the protection described above only when the build pipeline and the signing keys are protected as well, and when customers can compare what they received against an independently trusted build.
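The remediation list above says to look for monitoring account usage and for C&C traffic but does not show what such a check looks like. The following is an added example, not code from the original post or from SolarWinds: a small Go scanner that runs two of those checks over a few constructed log lines. The only real indicator in it is avsvmcloud.com, the SUNBURST command-and-control domain that FireEye and CISA published in December 2020; the account names (svc_solarwinds, orion-monitor), the poller address 10.0.5.20, the log line format and the DNS label in the sample are all hypothetical and would be replaced by your own environment's values and the full published IOC lists.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Finding is one suspicious event found while scanning log lines.
type Finding struct {
	Line   int    // 1-based line number in the input
	Reason string // why the line was flagged
	Text   string // the raw log line
}

// avsvmcloud.com is the SUNBURST command-and-control domain that FireEye
// and CISA published in December 2020. Extend this list from the published
// IOC sets; no other indicator in this file is real.
var c2Domains = []string{"avsvmcloud.com"}

// Hypothetical names for the accounts the Orion poller uses to monitor
// other systems; replace with the account names in your environment.
var monitoringAccounts = map[string]bool{
	"svc_solarwinds": true,
	"orion-monitor":  true,
}

// Hypothetical: the only host those accounts should ever authenticate from
// (the Orion poller itself).
var expectedSources = map[string]bool{"10.0.5.20": true}

var (
	dnsRe   = regexp.MustCompile(`query\[A\]\s+(\S+)`)
	logonRe = regexp.MustCompile(`logon type=(\S+)\s+user=(\S+)\s+src=(\S+)`)
)

// matchesC2 reports whether host is, or is a subdomain of, a known C2 domain.
func matchesC2(host string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	for _, d := range c2Domains {
		if host == d || strings.HasSuffix(host, "."+d) {
			return true
		}
	}
	return false
}

// ScanLogs applies two of the remediation checks to every line: C&C traffic
// (DNS lookups under the C2 domain) and monitoring-account usage that does
// not look like the poller doing its normal job.
func ScanLogs(logs string) []Finding {
	var findings []Finding
	sc := bufio.NewScanner(strings.NewReader(logs))
	for n := 1; sc.Scan(); n++ {
		line := sc.Text()
		if m := dnsRe.FindStringSubmatch(line); m != nil {
			if matchesC2(m[1]) {
				findings = append(findings, Finding{Line: n, Reason: "DNS query under SUNBURST C2 domain: " + m[1], Text: line})
			}
			continue
		}
		if m := logonRe.FindStringSubmatch(line); m != nil {
			logonType, user, src := m[1], m[2], m[3]
			if !monitoringAccounts[user] {
				continue
			}
			switch {
			case logonType == "Interactive":
				// A polling service account has no business at a console or RDP session.
				findings = append(findings, Finding{Line: n, Reason: "monitoring account " + user + " used for an interactive logon", Text: line})
			case !expectedSources[src]:
				findings = append(findings, Finding{Line: n, Reason: "monitoring account " + user + " used from unexpected host " + src, Text: line})
			}
		}
	}
	return findings
}

// Constructed sample log lines (not real captures): a DNS log and an
// authentication log merged into one stream.
const sampleLogs = `2020-12-14T02:11:05Z dns query[A] hr.example.internal from 10.0.5.20
2020-12-14T02:11:09Z dns query[A] 7sbvaemscs0mc925tb99.appsync-api.eu-west-1.avsvmcloud.com from 10.0.5.20
2020-12-14T02:12:30Z auth logon type=Network user=svc_solarwinds src=10.0.5.20 dst=fileserver01
2020-12-14T02:40:11Z auth logon type=Interactive user=svc_solarwinds src=10.0.9.77 dst=dc01
2020-12-14T02:41:00Z auth logon type=Network user=jdoe src=10.0.9.77 dst=dc01`

func main() {
	for _, f := range ScanLogs(sampleLogs) {
		fmt.Printf("line %d: %s\n  %s\n", f.Line, f.Reason, f.Text)
	}
}
```

On the sample input the scanner flags line 2 (a lookup under the C2 domain) and line 4 (the monitoring account logging on interactively from a host that is not the poller); the poller's own network logon on line 3 is left alone. The point of keeping expected sources and logon types explicit is that step 1 of the list, assuming the monitoring accounts are compromised, turns every use of them outside that baseline into something to investigate.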
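The key-lesson passage above argues that signed software plus anti-tamper protection lets a customer validate that a release really came from the vendor and has not been modified. The following is an added example, not code from the original post or from SolarWinds, showing what that verification does and does not catch. It uses Ed25519 from the Go standard library as the signature scheme (a choice made for this example), a constructed stand-in string in place of a real binary, and a hypothetical reference digest that the customer obtains independently of the vendor (for instance from a reproducible build or a digest pinned from a known-clean release). Three deliveries are verified: a clean release, one modified after signing, and one backdoored in the vendor's build before signing.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Release is what a vendor publishes: the artifact and the vendor's
// signature over its SHA-256 digest. The vendor's public key is
// distributed out of band (for example pinned in the installer).
type Release struct {
	Artifact []byte
	Sig      []byte
}

// Verdict keeps the two questions a customer should ask separate.
type Verdict struct {
	SignatureValid bool // did the vendor's key sign exactly these bytes?
	MatchesBuild   bool // do these bytes match an independently trusted build?
}

func digest(b []byte) []byte {
	s := sha256.Sum256(b)
	return s[:]
}

// Sign is the vendor side: sign the digest of the artifact being released.
func Sign(priv ed25519.PrivateKey, artifact []byte) Release {
	return Release{Artifact: artifact, Sig: ed25519.Sign(priv, digest(artifact))}
}

// Verify is the customer side. The signature check catches modification
// after signing. The reference digest catches code inserted before signing,
// which a signature alone cannot.
func Verify(pub ed25519.PublicKey, r Release, referenceDigestHex string) Verdict {
	return Verdict{
		SignatureValid: ed25519.Verify(pub, digest(r.Artifact), r.Sig),
		MatchesBuild:   hex.EncodeToString(digest(r.Artifact)) == referenceDigestHex,
	}
}

// Constructed stand-in for a release binary; not SolarWinds code.
var cleanArtifact = []byte("OrionCore v1.0: poll hosts; report metrics")

// Scenario verifies three deliveries and returns the verdicts in order:
// clean release, release modified after signing, release backdoored in the
// build before signing.
func Scenario() [3]Verdict {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Hypothetical: digest of the clean build, known to the customer
	// independently of what the vendor ships.
	reference := hex.EncodeToString(digest(cleanArtifact))

	clean := Sign(priv, cleanArtifact)

	// Attacker flips a byte on a mirror or in transit, after the vendor signed.
	modified := Sign(priv, cleanArtifact)
	modified.Artifact = append([]byte(nil), modified.Artifact...)
	modified.Artifact[0] ^= 0x01

	// Attacker plants code in the vendor's build; the vendor then signs the
	// result with its real key, as happened with the trojanized Orion component.
	backdoored := Sign(priv, bytes.Replace(cleanArtifact,
		[]byte("report metrics"), []byte("report metrics; beacon to C2"), 1))

	return [3]Verdict{
		Verify(pub, clean, reference),
		Verify(pub, modified, reference),
		Verify(pub, backdoored, reference),
	}
}

func main() {
	labels := []string{"clean release", "modified after signing", "backdoored before signing"}
	for i, v := range Scenario() {
		fmt.Printf("%-26s signature valid=%-5v matches trusted build=%v\n",
			labels[i], v.SignatureValid, v.MatchesBuild)
	}
}
```

The second delivery fails the signature check, which is the case signing and anti-tamper controls are built for. The third passes it, because the vendor's real key signed the backdoored bytes; only the comparison against an independently trusted build exposes it. That is why the combination matters: signing, protection of the build pipeline and signing keys, and a way for customers to check the release against something the vendor's compromised build did not produce.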