The biggest news this week regarding SolarWinds is that a court has been hit in the ongoing fiasco, which is now being talked about as the biggest breach of 2020 according to Solutions Review Presents: The Top Data Breaches of 2020, which one of my followers tweeted. What I’d like to do is try to get the videos from this and share them on a future podcast, as some may be familiar and some may not. I may just read from the web site and do it that way. What isn’t surprising in this list is that SolarWinds is the breach of the month for December, and from what I’m hearing, companies may be affected but have not come out as of yet.
As I said, courts are the next victim, and the article entitled Federal courts are latest apparent victim of SolarWinds hack is a Cyberscoop article. Tim Starks writes for Cyberscoop on this one.
According to the article, federal courts are a goldmine for criminals, since so many cases go through them. All kinds of cases and all kinds of crimes may be heard by the federal courts, so protecting this data is of utmost importance, I’d hope.
According to the article:
Going forward, federal courts will only accept filings of highly sensitive documents in paper form or via secure electronic devices, and won’t upload those documents to its electronic case management system. “This new practice will not change current policies regarding public access to court records, since sealed records are confidential and currently are not available to the public,” the office said.
They also write:
“CISA has evidence that there are initial access vectors other than the SolarWinds Orion platform and has identified legitimate account abuse as one of these vectors,” the agency said.
This continues to be an ongoing ordeal, and I’ve published a blog post about something that may be of interest for those who come here specifically for SolarWinds coverage.
Finally, the article concludes with this paragraph:
Via a new technique that CISA has seen hackers use in an incident it responded to, the agency said, “it is possible that authentication can occur outside of an organization’s known infrastructure and may not be visible to the legitimate system owner.”
This may be a major problem moving forward, and I don’t know what the solution to this is going to be if 2021 is the year for huge breaches like this one that can go undetected for over a year.
- CISA releases Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments links to an article that may be of interest where it comes to SolarWinds and other TTPs that may be in use.
- Podcast 26 of the Security Box covers some of the news from December 8th and 15th dealing with SolarWinds within its other scheduled content. You can fast-forward to hear specifics on SolarWinds from GRC’s Steve Gibson in podcasts 797 and 799 of the SN program. I’m sure we’ll be continuing to learn more about this through various podcasts, articles and other sources that may be sent to me.
- CISA Updates Emergency Directive is also something you might be interested in reading.
Next, Sen. Warner accuses White House of weakening statement attributing SolarWinds hack to Russia comes to mind as well. Mr. Warner has spoken out regarding other breaches, so he’s a good voice to have on this.
The first paragraph may just sum this article up beautifully. It states:
An influential Senate Democrat who will soon chair the intelligence committee on Thursday accused the White House of “water[ing] down” the U.S. government’s public statement linking a hacking campaign to Russia, and suggested more high-profile corporations had been breached.
Another paragraph further down says:
A person familiar with internal U.S. government deliberations on the matter echoed Warner’s accusation, saying that the White House had weakened the language attributing the campaign to Russia and that the word “likely” was a surprise inclusion in the final statement. Spokespeople for the White House and its National Security Council did not respond to requests for comment. Russia has denied involvement in the hack.
Those who may have done it of course don’t want to admit to any involvement, but attribution now seems to point more strongly at Russia, even if they don’t want to admit it.
There is a lot of linked material here, so I can’t take every paragraph and pull it apart. Just check out the article, and let us discuss it.
Finally, Mr. Trump, if he’s very unhappy now that he has apparently lost his Twitter account for the foreseeable future, might as well find something to do, since one of the people he hired and then fired had no trouble finding another job. Mr. Christopher Krebs, no relation to Brian Krebs, found a job at SolarWinds, where he was hired to help them figure out what broke and get back on their feet. The article I’m talking about is SolarWinds hires Chris Krebs, Alex Stamos to boost security in wake of suspected Russian hack, by Cyberscoop. Sean Lyngaas wrote this article for the publication.
Alex Stamos, former Facebook security chief, was also hired for the task.
According to the very first paragraph:
Software provider SolarWinds, which was breached in a suspected Russian hacking campaign against U.S. companies and federal agencies, has hired former senior U.S. cybersecurity official Chris Krebs and former Facebook security chief Alex Stamos to help respond to the hack and improve its security practices.
Continuing:
Krebs and Stamos will work as consultants for Texas-based SolarWinds as it continues to deal with the fallout of a hacking operation that has roiled Washington and is considered one of the more significant cyber-espionage campaigns against U.S. agencies in years.
When we first learned about the breach, publications like Cyberscoop and others stopped short of calling it espionage, but it has since been confirmed to be such.
Lastly for this section, the article says:
“Armed with what we have learned of this attack, we are also reflecting on our own security practices and seeking opportunities to enhance our posture and policies,” SolarWinds said in a statement. “We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review and provide best-in-class guidance on our journey to evolve into an industry leading secure software development company.”
SolarWinds, your mistake was that you took your development offshore, according to what I read, and put security on the back burner. In my opinion, maybe you deserve what happened, and hopefully you’ll learn what not to do next time.
The article goes on to say that less than 10 federal agencies were hit, including Commerce, DHS, the Department of Energy, the White House and possibly others we still don’t know about. The article only lists three as examples, but I don’t believe we’ve heard it all yet.
Alex was at Yahoo! during the period when we hadn’t yet learned of the many Yahoo! accounts that were breached. I’ve stopped using my Yahoo SBC account and have no plans on using it.
There’s more about each member, lots of links, and lots to read. Have something to say? Register and leave those comments. It’s free to do, and we welcome your comments right here, on the tech blog.