Tag Archive for: SolarWinds

A Year After the SolarWinds Hack, Supply Chain Threats Still Loom


A year ago today, the security firm FireEye made an announcement that was as surprising as it was alarming. Sophisticated hackers had silently slipped into the company’s network, carefully tailoring their attack to evade the company’s defenses. It was a thread that would unspool into what is now known as the SolarWinds hack, a Russian espionage campaign that resulted in the compromise of countless victims.

To say the SolarWinds attack was a wake-up call would be an understatement. It laid bare how extensive the fallout can be from so-called supply chain attacks, when attackers compromise widely used software at the source, in turn giving them the ability to infect anyone who uses it. In this case, it meant that Russian intelligence had potential access to as many as 18,000 SolarWinds customers. They ultimately broke into fewer than 100 choice networks—including those of Fortune 500 companies like Microsoft and the US Justice Department, State Department, and NASA.

Supply chain attacks aren’t new. But the magnitude of the SolarWinds crisis significantly raised awareness, sparking a year of frantic investment in security improvements across the tech industry and US government.

“If I don’t get a call on December 12, I’ll consider that a success,” says SolarWinds president and CEO Sudhakar Ramakrishna. On that date a year ago, SolarWinds itself learned that Orion, its IT management tool, was the source of the FireEye intrusion—and what would ultimately become dozens more. Ramakrishna did not yet work at SolarWinds, but he was slated to join on January 4, 2021. 

While this week marks the one-year anniversary of cascading discoveries around the SolarWinds hack, the incident actually dates back as early as March 2020. Russia’s APT 29 hackers—also known as Cozy Bear, UNC2452, and Nobelium—spent months laying the groundwork. But that very dissonance illustrates the nature of software supply chain threats. The hardest part of the job is upfront. If the staging phase is successful, they can flip a switch and simultaneously gain access to many victim networks at once, all with trusted software that seems legitimate.

Source…

Iran’s Lyceum threat group active against telcos, ISPs. Clopp hits unpatched SolarWinds instances. Mercenaries. Patch Tuesday.


Attacks, Threats, and Vulnerabilities

Iranian cyber group targets Israel, Saudis, Africans – report ( The Jerusalem Post | JPost.com ) An Iranian hacker group called Lyceum has targeted Israel, Saudi Arabia, Morocco, Tunisia and others.

Exclusive: A Cyber Mercenary Is Hacking The Google And Telegram Accounts Of Presidential Candidates, Journalists And Doctors (Forbes) An unprecedented peek inside an underground hacker-for-hire operation reveals 3,500 targets, including Belarusian presidential candidates, Uzbek human rights activists and a cryptocurrency exchange.

Clop gang exploiting SolarWinds Serv-U flaw in ransomware attacks (BleepingComputer) The Clop ransomware gang, also tracked as TA505 and FIN11, is exploiting a SolarWinds Serv-U vulnerability to breach corporate networks and ultimately encrypt its devices.

TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access (NCC Group Research) NCC Group’s global Cyber Incident Response Team has observed an increase in Clop ransomware victims in the past weeks. The surge can be traced back to a vulnerability in SolarWinds Serv-U that is being abused by the TA505 threat actor. TA505 is a known cybercrime threat actor, who is known for extortion attacks using the Clop ransomware. We believe exploiting such vulnerabilities is a recent initial access technique for TA505, deviating from the actor’s usual phishing-based approach.

Russian Cybercrime Group Exploits SolarWinds Serv-U Vulnerability (SecurityWeek) The Russia-linked ‘Evil Corp’ cybercrime group has been exploiting a vulnerability in SolarWinds Serv-U for initial infection.

Vulnerable smart contracts and fake blockchains: What do investors need to know? (Digital Shadows) Well, here we are again. Another blog on a topic that’s often spoken about but little understood: cryptocurrency. Cryptocurrency-related decentralized finance (DeFi) is seeing unprecedented interest from retail and institutional investors alike.

FBI: Scams Involving Cryptocurrency ATMs and QR Codes on the Rise (SecurityWeek) The Federal Bureau of Investigation (FBI) this week issued an alert on fraud schemes that direct victims to use cryptocurrency ATMs and Quick Response (QR) codes to…

Source…

SolarWinds Hit With Del. Derivative Suit Over Sunburst Hack


By Katryna Perera (November 5, 2021, 7:55 PM EDT) — Current and former directors of information technology company SolarWinds have been hit with a stockholder derivative suit in Delaware’s Chancery Court over claims they were at fault for the massive hack and data breach that affected governments and private businesses around the globe last year.

The complaint filed by shareholders Thursday states the suit is in response to the directors’ “utter failure to implement or oversee any reasonable monitoring system concerning … cybersecurity risks fundamental to SolarWinds’ only line of business.”

These failures, the shareholders claim, led to one of the most devastating cyberattacks in U.S. history, which has since been…

Stay ahead of the curve

In the legal profession, information is the key to success. You have to know what’s happening with clients, competitors, practice areas, and industries. Law360 provides the intelligence you need to remain an expert and beat the competition.

  • Access to case data within articles (numbers, filings, courts, nature of suit, and more.)
  • Access to attached documents such as briefs, petitions, complaints, decisions, motions, etc.
  • Create custom alerts for specific article and case topics and so much more!

TRY LAW360 FREE FOR SEVEN DAYS

Source…

New York Department Of Financial Services Questions Its Regulated Entities On Responses To And Lessons Learned From The SolarWinds Cyberattack – Technology


In December 2020, a cybersecurity company alerted the world to a
major cyberattack against the U.S. software development company,
SolarWinds, through the company’s Orion software product
(“SolarWinds Attack”). The SolarWinds Attack went
undetected for months, as it has been reported that the hackers
accessed the source code for Orion as early as March
2020.1 Orion is widely used by companies to manage
information technology resources, and according to SolarWinds Form
8-K filed with the Securities and Exchange Commission, SolarWinds
had 33,000 customers that were using Orion as of December 14,
2020.

It is alleged that the SolarWinds Attack was one part of a
widespread, sophisticated cyber espionage campaign by Russian
Foreign Intelligence Service actors which focused on stealing
sensitive information held by U.S. government agencies and
companies that use Orion.2 The hack was perpetuated
through SolarWinds sending its customers routine system software
updates.3 SolarWinds unknowingly sent out software
updates to its customers that included the hacked code that allowed
the hackers to have access to customer’s information technology
and install malware that helped them to spy on SolarWinds’
customers, including private companies and government entities,
thereby exposing up to 18,000 of its customers to the
cyberattack.

The New York Department of Financial Services (“DFS”)
alerted DFS-regulated entities of the SolarWinds Attack on December
18, 2020 through the “Supply Chain Compromise
Alert.”4 The Supply Chain Compromise Alert included
guidance from the U.S. Department of Homeland Security’s
Cybersecurity and Infrastructure Security Agency, SolarWinds, and
other sources, and reminded the regulated entities of their
obligations under the New York Cybersecurity Regulation
(“Cybersecurity Regulation”), adopted in 2017, which
requires DFS-regulated entities, including New York banks,
insurance companies and producers and other financial services
firms, to develop a comprehensive cybersecurity program, implement
specific cybersecurity controls, assess cybersecurity risks posed
by third-party service providers, and notify the DFS of
“cybersecurity…

Source…