It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
SolarWinds and FireEye
The attackers penetrated federal computer systems through a popular piece of server software offered through a company called SolarWinds.
The threat apparently came from the same cyberespionage campaign that has afflicted cybersecurity firm FireEye, foreign governments and major corporations.
The system is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. federal agencies, which will now be scrambling to patch up their networks.
The attackers planted malware in computer networks after using what FireEye CEO Kevin Mandia has called "a novel combination of techniques not witnessed by our partners in the past or us."
originally posted by: AScrubWhoDied
It's not that we are "so vulnerable", it's more of technology evolves on a daily basis. What's unexploited today could be exploited tomorrow. Its a constant game of cat a mouse - and America isnt always the victim.
There are some freakishly talented people out their, and they dont all live in America
On one level, it's not their fault since the software is so generally speaking vulnerable, and one cant test something ad Infinitum…as in the end, no software is 100 percent free from attack.
Blamed on Russia, the hack infiltrated federal agencies and private companies.
Earlier this year, hackers compromised software made by a cybersecurity company you might not have heard of. The infiltration led to a massive malware campaign that's now affecting US federal agencies as well as governments around the world, according to the security firm and news reports.
The hacked company, SolarWinds, sells software that lets an organization see what's happening on its computer networks. Hackers inserted malicious code into an updated version of the software, called Orion. Around 18,000 SolarWinds customers installed the tainted updates onto their systems, the company said.
The compromised update process has had a sweeping effect, the scale of which keeps growing as new information emerges. Based on newspaper reports, the company's statements and analysis from other security firms, a Russian intelligence agency reportedly carried out a sophisticated attack that struck several US federal agencies and private companies including Microsoft
Hackers managed to access a system that SolarWinds uses to put together updates to its Orion product, the company explained in a filing with the SEC. From there, they inserted malicious code into otherwise legitimate software updates. This is known as a supply-chain attack, because it infects software while it's being assembled.
It's a big coup for hackers to pull off a supply-chain attack, because it packages their malware inside a trusted piece of software. Instead of having to trick individual targets into downloading malicious software with a phishing campaign, the hackers could rely on several government agencies and companies to install the Orion update at SolarWinds' prompting.
The approach is especially powerful in this case because hundreds of thousands of companies and government agencies around the world reportedly use the Orion software. With the release of the tainted software update, SolarWinds' vast customer list became potential hacking targets.
originally posted by: Nivhk
a reply to: network dude
I thought they use to hire people or have teams set up to actively run attacks and look for vulnerabilities.
My dad used to do that in the 90s and early 2000s, be given latest tech and try to find ways to exploit it. He got canned when companies started to remove those departments.
Did they decide to cut costs by letting random internet warriors do it after its released instead of paying people before releasing?
originally posted by: network dude
is cyber security a proactive field, or a reactive field?
I'd say largely reactive. You don't know what you need until someone has infiltrated a weak spot. Then you need a patch.
This case, hardware code was targeted, which is usually the first line of defense, and not usually suspect of the intrusion.
It was a brilliant hack in that it went after the most prolific vendors in the world.