Search the Community
Showing results for tags 'critical network security'.
-
So on the 13th there was an announcement that Solar Winds's code itself had been compromised. This is posted in the Military Current Events because this is FAR worse than the OPM breach of more than 4 years ago. This means that malign third parties thus have root level access of networks of thousands of US companies AND Government networks. They have had this access since around April of this year. This is in this CERT announcement. Emergency Directive 21-01 https://cyber.dhs.gov/ed/21-01/ This is VERY Bad. Solar Winds, as a software package that runs on a server one places inside one's network is able to crawl one's networking devices so as to generate topological maps of your network architecture. I've used Solar Winds derived maps for solving networking problems that arise when you have a complex network and poor historical knowledge for various segments. The problem is that the mapping/analytics system needs to have passwords for your environment so as to crawl it and identify what ports are connected to what device. This means that the software effectively has credentials for your network that allow a profuse level of movement through it. The malware was inserted into the Solar Winds software at their code repository level, so it was compiled and sent out as part of the normal payload of updates one could apply to one's Solar Winds install instances. This mean that it would run, as part of solar winds and which would be white listed from your usual network security scans for malicious activity across your network. Interestingly, FireEye was who caught this and their platform managed to catch the data payload. The product list gives one an idea of what sorts of systems that may have been compromised by this rather large breach From the Solar Winds Security advisory: https://www.solarwinds.com/securityadvisory