We’ve got more news on SolarWinds … it’s going to get rather interesting

Hello folks,

We’ve got more news coming out of SolarWinds and their catastrophe, if you can call it that. We know to date that the Commerce Department was hit, along with other potential players who use this company’s software.

Apparently, from what I’ve read, we’re learning that the software involved is supposed to be a health checker of some kind for IT staff to use on the network. They call it a health checker in this industry.

There are two articles I am going to talk about today, and both are important. They may be similar in content, but I feel they’re worth discussing.

The first article talks about a malicious domain that was taken over by Microsoft and GoDaddy to prevent the spread of whatever this thing is. The second article covers that and some other things, so let’s get started with the latest.


The first article in this blog post is entitled “Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’”, which was quite interesting.

A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned.

Today, FireEye responded that the domain seizure was part of a collaborative effort to prevent networks that may have been affected by the compromised SolarWinds software update from communicating with the attackers. What’s more, the company said the domain was reconfigured to act as a “killswitch” that would prevent the malware from continuing to operate in some circumstances.

“SUNBURST is the malware that was distributed through SolarWinds software,” FireEye said in a statement shared with KrebsOnSecurity. “As part of FireEye’s analysis of SUNBURST, we identified a killswitch that would prevent SUNBURST from continuing to operate.”

This is quite interesting, because I don’t remember much about this family called SUNBURST. Another portion of FireEye’s statement says:

“This killswitch will not remove the actor from victim networks where they have established other backdoors. However, it will make it more difficult for the actor to leverage the previously distributed versions of SUNBURST.”

This is quite interesting, seeing how far this malware has gone; however, it is not surprising just the same.
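To make the killswitch idea in FireEye’s statement concrete, here is an added example of mine (not code from the original post, from FireEye, or from SolarWinds) of how a DNS-based killswitch of that kind works. The implant resolves its command-and-control domain and refuses to run if the answer falls inside a set of “do not operate” address ranges, which is what lets whoever seizes the domain neuter it by pointing it at such an address. The domain names, the offline stand-in for DNS, and the exact ranges below are constructed for the demo; the real SUNBURST range list is FireEye’s and is not reproduced on this page.

```python
"""DNS-based killswitch demo (added example; assumptions noted inline)."""
import ipaddress
from typing import Mapping, Optional

# ASSUMED kill ranges for the demo: private, loopback, link-local and
# multicast space (IPv4 and IPv6). An implant whose C2 domain resolves
# into one of these concludes it is sandboxed or sinkholed and stops.
KILL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/3",
    "fc00::/7", "fe80::/10", "ff00::/8",
)]

# CONSTRUCTED resolver answers standing in for real DNS so this runs offline.
# None models NXDOMAIN (the name no longer resolves at all).
FAKE_DNS: Mapping[str, Optional[str]] = {
    "c2.example.invalid": "203.0.113.7",       # attacker still controls it
    "sinkholed.example.invalid": "10.0.0.1",   # seized and pointed inside
    "v6.example.invalid": "fd00::1",           # IPv6 answer in a kill range
    "dead.example.invalid": None,              # NXDOMAIN
}


def resolve(domain: str, table: Mapping[str, Optional[str]] = FAKE_DNS) -> Optional[str]:
    """Stand-in for a DNS A/AAAA lookup; returns None for NXDOMAIN."""
    return table.get(domain)


def in_kill_range(ip_text: str, ranges=KILL_RANGES) -> bool:
    """True if the resolved address lies in any 'do not operate' range.
    A malformed answer is not treated as a hit."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    # ipaddress already answers False when the versions differ, so mixed
    # v4/v6 ranges can live in one list.
    return any(ip in net for net in ranges)


def should_run(domain: str, table: Mapping[str, Optional[str]] = FAKE_DNS) -> bool:
    """Implant-side decision. Note that NXDOMAIN is NOT a kill: the implant
    simply retries later. That is why the defenders had to take over the
    domain and serve a sinkhole answer rather than just take it down."""
    answer = resolve(domain, table)
    if answer is None:
        return True
    return not in_kill_range(answer)


def pick_sinkhole_address(ranges=KILL_RANGES, prefer_v4: bool = True) -> str:
    """Defender-side helper: choose an address inside a kill range to publish
    as the record for the seized domain. The demo takes the first usable
    host; in practice it must be an address the victim's resolver will
    actually hand back."""
    want = 4 if prefer_v4 else 6
    for net in ranges:
        if net.version == want:
            return str(next(net.hosts()))
    raise ValueError("no kill range of the requested IP version")


if __name__ == "__main__":
    for name in FAKE_DNS:
        print(f"{name:28s} run={should_run(name)}")
    print("sinkhole address to publish:", pick_sinkhole_address())
```

The point the demo makes is the one in FireEye’s caveat: the check only disarms the SUNBURST stage that performs this lookup, so an actor who has already planted other backdoors is untouched, and a domain that merely stops resolving does nothing at all.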

According to Krebs, SUNBURST uses obfuscated communications and other techniques to stay under the radar, and only now are researchers like FireEye’s team and others trying to figure it out.

More interesting in this article is that a Chinese cybersecurity firm named RedDrip published information about this on GitHub. Brian Krebs links to it, and I’m going to do the same. China is not known for cybersecurity work; they’re well known for causing havoc in cybersecurity, so I just had to wonder.

According to this research, however, there are possibly hundreds of victims involved, and we’re just getting started. These may include universities, high-tech companies, and even governments.

In my prior post, linked above, I listed the five known possibilities in the government, and possibly others, that could have been affected, but it would not surprise me if there were more, and it wouldn’t surprise me if we’re only scratching the surface.

There’s possibly more, including the possibility that the legal fallout of the breach for this company will be felt for some time. According to Brian Krebs, the Washington Post reported that top investors sold shares of stock before the breach became public. The number of shares is unknown, but it amounts to millions of dollars of stock. The stock has fallen 20 percent, if not more, since the breach.


The second article talks about the potential number of customers; its title indicates at least 18,000 potential customers affected. This article also comes from Krebs on Security, is entitled “SolarWinds Hack Could Affect 18K Customers”, and should be read too.

This was written on Monday, and I think the first article I linked to was written the next day.

The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affected, as it recently took possession of a key domain name used by the intruders to control infected systems.

On Dec. 13, SolarWinds acknowledged that hackers had inserted malware into a service that provided software updates for its Orion platform, a suite of products broadly used across the U.S. federal government and Fortune 500 firms to monitor the health of their IT networks.

There are a lot of products we don’t know about, so it’s no surprise that we don’t know anything about this company. I don’t want to label them a bad company; it was just a very big mistake that is going to cost them. In this article, they talk about the fact that this intrusion could have gotten into SolarWinds’ Microsoft 365 accounts, and we know what that could mean, don’t we?

There is a lot of linked material here, so the best thing to do is to read both articles and form your own opinion. This is only heating up, and I surmise it’s only going to get bigger.

The boards await you on what you think of this one. Catch you all later!


Discover more from Jared's Technology podcast network