One year after SolarWinds was hacked, supply chain threats are still looming


A year ago today, the security company FireEye issued a surprising and shocking announcement. Experienced hackers had quietly sneaked into the company's network, carefully tailoring their attack to evade the company's defenses. It was a thread that would unravel into what is now called the SolarWinds hack, a Russian espionage campaign that led to the compromise of countless victims.

To say that the SolarWinds attack was a wake-up call is an understatement. It revealed the consequences of a so-called supply chain attack, in which attackers compromise widely used software at the source, which in turn enables them to infect anyone who uses it. In this case, that meant Russian intelligence could potentially reach up to 18,000 SolarWinds customers. They ended up breaking into fewer than 100 of those networks, including those of Fortune 500 companies such as Microsoft, as well as the US Department of Justice, the State Department, and NASA.

Supply chain attacks are not new. However, the severity of the SolarWinds crisis significantly raised awareness and triggered a year of frenzied investment in security improvements across the technology industry and the US government.

“If I didn’t receive a call on December 12, I would think it was a success,” said Sudhakar Ramakrishna, President and CEO of SolarWinds. On that day a year ago, SolarWinds itself learned that Orion, its IT management tool, was the source of the FireEye intrusion, and of what would eventually prove to be more intrusions. At the time, Ramakrishna did not yet work at SolarWinds but was due to join on January 4, 2021.

Although this week marks the first anniversary of the cascading discoveries surrounding the SolarWinds hack, the incident actually dates back to March 2020. The Russian APT 29 hackers (also known as Cozy Bear, UNC2452, and Nobelium) spent months laying the groundwork. That mismatch illustrates the nature of the threat to the software supply chain. The most difficult part of the job is the preliminary work. If the staging phase succeeds, the attackers can flip a switch and gain access to many victim networks at the same time, all through trusted software that looks legitimate.

Across the security industry, practitioners generally told WIRED that the SolarWinds hack (also known as the Sunburst hack, after the backdoor malware distributed through Orion) has meaningfully expanded the understanding of the need for transparency and insight into the source and integrity of software. There had certainly been other influential software supply chain attacks before December 2020, such as the compromise of the computer cleaning tool CCleaner and Russia's distribution of the notorious and destructive NotPetya malware through the Ukrainian accounting software MeDoc. But for the US government and the technology industry, the impact of this campaign was particularly great.

“This is definitely a turning point,” said Eric Brewer, vice president of Google Cloud Infrastructure. “Before I explain to people that this industry is facing challenges here, we need to deal with it. I think there is some understanding, but it is not very prioritized. Attacks that people don’t see directly are only abstract. But after SolarWinds, the information resonated in different ways.”

This awareness has also begun to translate into action, including building the software equivalent of ingredient lists and ways to better monitor code. But this is slow work; supply chain problems require as many solutions as there are types of software development.



About the Author: News Center