Solarwinds - Supply Chain Hack

Nothing, that's why I said that. MS has not commented or released anything; it's just more anonymous garbage for now.


Doesn't matter, see above.
Don't hold your breath. Companies don't just announce breaches unless they are compelled to do so.
 
I voted China but honestly, the more I think about it, it easily could be the U.S. too. With as many tools at their disposal like Vault 7 and many more we don't know about, it's likely just disguised as whoever they want it to look like.
 
Yeah, the sheer scale and breadth of the attack will make a lot of powerful people/entities want justice. You don't piss off the people with the money and the power. If it was one of us - yeah, slap on the wrist if they stole from us or leaked our data (hello: Equifax).
I was referring to the trades that were made, not the hack.
 
"Billions Spent on U.S. Cyberdefenses Failed to Detect Giant Russian Hack"

https://news.yahoo.com/billions-spent-u-cyberdefenses-failed-131219060.html

(courtesy of KarateBob)
We could spend trillions and it wouldn’t change anything.

You can’t secure something that is fundamentally impossible to secure.

I hate working in this field, personally, because I know it’s all a sham. I can’t wait to retire soon. It’s just not sustainable. Something will have to change in a big way at some point. Pouring more into cyber defense isn’t the solution. It’s just putting your finger into a hole in the Hoover dam.

And it also really pisses me off that the idiots in charge think AI will fix this. It is so incredibly easy to influence AI just as you would a human being.
 
Glad I'm done with it. Yeah the latest buzz word AI will fix everything, yeah right. If there's a way out, there's a way in. The fix is the quantum network supposedly.
 
The problem is, you can mandate 3rd party software providers follow all the laws and regulations, but you're still depending on them. In my field, to meet US Cyber Security Law under 10CFR73.54, we actually go to the 3rd party vendor's physical office and investigate their supply chain security, software/hardware security, physical security, QA program, etc before using their products to make sure they're also meeting our requirements under the law. Obviously, if that isn't good enough, nothing will be.

There's always people looking for the next exploit or hack, and when powered with the resources of a nation-state behind it, a single company cannot keep up with staying ahead of them. In order to keep ahead, you'd need borderline tyranny of the federal government over businesses, with cyber command resources at all companies feeding them counter-intelligence from the latest spy activities in other countries. What makes it even harder is, most technology products are made in countries that are enemies, so they can put hardware-level and software-level back doors in just about anything they want by having a compromised employee working for a US company on foreign soil, where all the government oversight is by the nation-state that controls the company's activities.

This is one of the main motivators behind bringing back American manufacturing and putting America first. It may cost more to manufacture something here (marginally in the long run), but it is still cheaper than having all your companies hacked, data leaked, businesses bankrupt, and homeland security sensitive information leaked. We're in a cyber and economic war. Next comes physical war if it isn't turned around.
 
Supply chain related: About 80 companies to be blacklisted from US for national defense reasons.

"SMIC will also be explicitly prohibited from acquiring technology to build chips with 10-nanometer circuits and smaller." --- this is huge, because Qualcomm / Broadcom depend on them. Looks like a lot of changes will be happening.

https://www.foxbusiness.com/markets/us-to-blacklist-dozens-of-chinese-companies-wilbur-ross-says

UK Use of Software Linked To Russia-Hack Runs Deep

 

The only way to secure data is to not keep it in systems connected to the public internet, either directly or indirectly.

If you have enough data in one place, something becomes a target, and once something is a target it CAN NOT be secured. All you can do is make it more difficult to breach. AI won't change this.

In order to secure something it needs to be completely air gapped. You can't even use VLANS or other techniques to accomplish this. The network hardware needs to be completely separate.

Even then - as Stuxnet showed us - you are still vulnerable to social engineering or people doing things they aren't supposed to with portable storage media.

You have to go completely draconian. Fill USB ports with cement. Prevent use of portable devices on site. Use millimeter wave body scanners at every entrance and exit and charge people with crimes if they are caught carrying cellphones or USB sticks. That sort of thing.

And even if you do, occasionally some will still slip through.
 
It's not impossible. It is just being looked at the wrong way. You can't spend your way out of it if you don't have the right people. If you don't have the right processes... technology is tertiary. Too many people buy a tool but don't bother to operationalize it correctly. Never mind that once you do that, you then need to get proactive and hunt. People just want to cut corners and do the bare minimum for whatever regulation or checkbox their industry has. The hacks will keep happening as long as it is not financially incentivized to have protection of that scale.
 
"VMware Flaw a Vector in SolarWinds Breach?" -- https://krebsonsecurity.com/2020/12/vmware-flaw-a-vector-in-solarwinds-breach/


sorry if dupe
 
It seems the attackers weren't that sophisticated after all.


https://savebreach.com/solarwinds-credentials-exposure-led-to-us-government-fireye-breach/

So they just walked in through the front door. That level of capability is not limited to APTs.

OMG. Their password was solarwinds123

How does this happen? How utterly incompetent can an enterprise network solutions provider be?

If they can't even get this right, they deserve every bit of business loss they get out of this thing.

"solarwinds123"

think this was overlooked as being pretty important ^

Thanks folks
 
At first I thought you both were joking, but after reading the article...
Vinoth further mentions in the tweet that the password was *****123. Our guess is that the password of that FTP server was solarwinds123, filling in the redacted part, which is a very weak credential. solarwinds123 is an example of the weakest credentials one can think of. The credentials of the FTP download server which were exposed on the SolarWinds GitHub repo are as follows:
...you can't make this shit up. :dead:
 
So glad we have a President who trusts and admires the Russians
Because it will be so much better when the next one gets in who trusts and admires the Chinese... :p
The next one also has an uphill battle, and will probably have the administration responsible for Skynet and/or any other rogue AI - only half-joking about that one.
 
Seems that a second hacker group was also able to hack into Solarwinds and distribute their malware through them (under "Additional malware discovered"). And they were only discovered because of the investigation into the first hack.
Getting in is often the easiest part thanks to simple shit like lack of patching or social engineering. The persistence is the challenge and these guys exfil'd data (and more) for 8 months before discovery...and it is highly unlikely it was just data.
Looking at the publicly available SolarWinds attack and malware analysis, there is nothing which stands out as particularly advanced. The attackers were professional and kept a low profile, sure.
But given that:
  • they infiltrated monitoring software which normally reads all files anyway,
  • they distributed through the hijacked software update process,
  • they were able to sign their malware (signed software is treated very differently from unsigned software by antivirus software), and
  • Solarwinds gave questionable advice like exempting their program directory from antivirus scans,
it is not surprising that the attack went undetected for so long.
 
SUPERNOVA not previously mentioned in this thread:


https://www.bleepingcomputer.com/ne...oor-found-in-solarwinds-cyberattack-analysis/
 
Where's the guy saying that the one back door was an isolated issue?
 
Yep, deeper than just the first malware find, as I suspected.

"The source said the intruders behind the SolarWinds compromise seeded the AO’s network with a second stage “Teardrop” malware that went beyond the “Sunburst” malicious software update that was opportunistically pushed out to all 18,000 customers using the compromised Orion software."
 
pendragon1 related to: https://hardforum.com/threads/whos-behind-the-solarwinds-hack.2005148/

"SolarWinds hackers linked to known Russian spying tools, investigators say" -- https://www.reuters.com/article/glo...-spying-tools-investigators-say-idINKBN29G16Z
 
"Raiu said the digital clues uncovered by his team did not directly implicate Turla in the SolarWinds compromise, but did show there was a yet-to-be determined connection between the two hacking tools."
Why didn't you post it there then? I haven't been in this thread for weeks...
 