EXECUTIVE SUMMARY:

The hack of the century?

The SolarWinds supply chain attack ultimately led to the compromise of more than 18,000 organizations. The US federal agencies affected include the White House, the Pentagon and the US Treasury Department.

The malware disseminated within the attack is powerful and provides the hackers with significant visibility into impacted systems.

For easy reference, researchers named the attack Sunburst. They also state that it may be years before the attack is fully understood.

The more technical details

The hackers deliberately maintained a low profile while working on the execution of this attack. “For example, the inserted malicious code is lightweight and only has the task of running a malware-added method in a parallel thread such that the DLL’s normal operations are not altered or interrupted,” says a spokesperson for the Microsoft 365 Defender Research Team.

“This method is part of a class, which the attackers named OrionImprovementBusinessLayer to blend in with the rest of the code. The class contains all the backdoor capabilities, comprising 13 subclasses and 16 methods, with strings obfuscated to further hide malicious code.”

Researchers also note that multiple strains of malware have been identified within the SolarWinds platform. The latest strains were named Supernova and CosmicGale. They’re currently perceived as unrelated to the supply chain attack. Could a separate intrusion campaign unfold?

Beyond the finger-pointing

Speculation abounds as to the perpetrators of the attacks. Yet the real takeaway here is that both the public and private sectors in the US and around the world must revisit their cyber security postures.

As the US Congress launches an investigation into the details of Sunburst, a senior federal cyber security official, speaking on condition of anonymity, recommends that the country examine:

  • Why the nation’s cyber security approach appears flawed
  • What the priorities of CISA should really look like
  • How agencies can hardcode resilience into their networks and systems

How can your organization thwart Sunburst-style attacks in the future?

Your organization should move towards a zero trust security model. Rethinking network design and adopting microsegmentation techniques that can scale will also assist in shoring up cyber security.

One roadblock preventing organizations from responding to the SolarWinds attacks is the mix-and-match set of policies and cyber security infrastructures found within distributed organizations. A critical step in pursuing effective cyber security response protocols and tools is investing in a consolidated cyber security architecture. A consolidated architecture can enhance visibility and make attack clean-up easier.

For more on this story, see Cyber Talk’s past coverage or check out ZDNet. If your enterprise may have seen impact from the Sunburst attack, schedule a security check-up or contact an expert for advice.