DB Posted December 21, 2020
If you want a secure network, it pretty much has to be airgapped. No internet connection, no uploading of the crown jewels.
As for who was affected, "425 of the Fortune 500" means you can have a damned good guess as to who... Odds are that most of these could be impacted: https://fortune.com/fortune500/2020/search/?f500_industry=Pharmaceuticals
Pfizer is second on that list, 64 overall. Not saying they are one of the 425, nor that even if they were they were compromised.
Ivanhoe Posted December 21, 2020
Yeah, Big Pharma has been under attack for quite a while;
https://www.reuters.com/article/healthcare-coronavirus-astrazeneca-north/exclusive-suspected-north-korean-hackers-targeted-covid-vaccine-maker-astrazeneca-sources-idUSL8N2IC2QU
Ivanhoe Posted December 21, 2020
Concise quote concerning HIPAA breaches;
Quote: "You can outsource the function, but you can't outsource the risk." As much as a vendor is accountable if the culprit of a breach, "it's the data owner who's in the headlines and has their reputation at stake," he says.
Ivanhoe Posted December 21, 2020
https://www.zdnet.com/article/a-second-hacking-group-has-targeted-solarwinds-systems/
Quote: As forensic evidence is slowly being unearthed in the aftermath of the SolarWinds supply chain attack, security researchers have discovered a second threat actor that has exploited the SolarWinds software to plant malware on corporate and government networks. Details about this second threat actor are still scarce, but security researchers don't believe this second entity is related to the suspected Russian government-backed hackers who breached SolarWinds to insert malware inside its official Orion app.
Quote: Reports from Guidepoint, Symantec, and Palo Alto Networks detailed how attackers were also planting a .NET web shell named Supernova. Security researchers believed attackers were using the Supernova web shell to download, compile, and execute a malicious Powershell script (which some have named CosmicGale). However, in follow-up analysis from Microsoft's security teams, it's been now clarified that the Supernova web shell was not part of the original attack chain.
So basically an opportunistic infection of victim systems.
Ivanhoe Posted December 21, 2020
Thanks to Urban Dictionary, I now know what "yeet" means.
Ivanhoe Posted December 21, 2020
https://www.zippia.com/solarwinds-careers-38741/#
Quote: The staff at SolarWinds come from unusually diverse demographic backgrounds. The company is 32.7% female and 44.7% ethnic minorities. Even though it has great demographic diversity, SolarWinds notably lacks in political diversity. It has an unusually high proportion of employees who are members of the Democratic Party, at 81.2%. Despite having coworkers who agree with each other about politics, employees at SolarWinds tend to have relatively short tenures. Staff members usually stay with the company for 1.7 years. The average employee at SolarWinds makes $87,866 per year. Pay at SolarWinds is significantly lower than some of its highest paying competitors, like VMware, Splunk, and Trend Micro, which pay $129,974, $113,634, and $106,185, respectively.
Nothing says "Our Commitment to Quality" like staff churn and low pay.
Tim the Tank Nut Posted December 21, 2020
This is the scariest thread on TankNet in a long time...
Ivanhoe Posted December 21, 2020
https://www.forbes.com/sites/jodywestby/2020/12/16/solarwinds-cyber-attacks-raise-questions-about-the-companys-security-practices-and-liability/?sh=23c7304f711d
Quote: The Washington Post reported that on December 7, two of SolarWinds’s top investors, Silver Lake and private equity firm Thoma Bravo, sold $280 million worth of stock. FireEye first discovered the theft of some of their most valuable forensic tools on December 8, and by December 11, it discovered the SolarWinds software update with malware and contacted the company.
https://www.axios.com/solarwinds-hacking-insider-trading-54e3eb22-d2ff-448d-a9a3-70532f3f4cad.html
Quote: The IT vendor is (belatedly) pushing back against suggestions that its two largest investors engaged in insider trading ahead of the hack revelations.
With a 2015 market cap of $4.5B, the selloff was like 6%. So, not a complete wash sale. However, if you needed a big bag of cash for criminal and/or tort representation, $280M would be a great start.
Simon Tan Posted December 22, 2020
The Rus or Chinese having all this info only really hurts the real enemy, the Permanent State.
Stuart Galbraith Posted December 22, 2020
Try fighting any kind of conventional conflict with Rus or China and find out how absurd that statement is.
Mistral Posted December 22, 2020
Only an idiot would fight a conventional conflict with either Russia or China.
RETAC21 Posted December 22, 2020
31 minutes ago, Mistral said: Only an idiot would fight a conventional conflict with either Russia or China.
Unless you are China or Russia fighting each other...
DB Posted December 22, 2020
Cyber attacks are the new conventional conflicts.
Some scoping of the impact from FireEye: https://www.bbc.co.uk/news/world-us-canada-55386947
Ivanhoe Posted December 22, 2020
6 hours ago, Simon Tan said: The Rus or Chinese having all this info only really hurts the real enemy, the Permanent State.
It is looking like the Chinese own a substantial chunk of the permanent state. I can imagine that cyberattacks would be a technique the PRC would use to frighten the American political class, so that the 3 branches of gov't (FB, Twitter, Google) all agree to dial back freedoms further.
JasonJ Posted December 22, 2020
3 hours ago, RETAC21 said: Unless you are China or Russia fighting each other...
Maybe some day but not today.
https://www.mod.go.jp/js/Press/press2020/press_pdf/p20201222_02.pdf
Stuart Galbraith Posted December 22, 2020 (edited)
3 hours ago, Mistral said: Only an idiot would fight a conventional conflict with either Russia or China.
Who says you would get a choice? We didn't get much of a choice about fighting China in 1951 either.
Edited December 22, 2020 by Stuart Galbraith
JasonJ Posted December 22, 2020
33 minutes ago, Stuart Galbraith said: Who says you would get a choice? We didn't get much of a choice about fighting China in 1951 either.
Sure there's a choice. Don't send your carrier over here. Chris would say that. Already have France so UK can hang back.
https://www.meretmarine.com/fr/content/lemeraude-et-la-seine-evoluent-en-mer-des-philippines
https://otakei.otakuma.net/archives/2019060502.html
Stuart Galbraith Posted December 22, 2020
Yes, but we aren't a superpower. Inevitably the US, if it wants to maintain its world position, is on a collision course with Chinese and Russian ambitions. That Russia is actually trying to do something about that should surprise nobody. I've been pointing this out since 2014, and it's been entirely self-evident in any case since 2008. It should surprise nobody other than the willfully incredulous.
As for China, it's a challenge the entire world can duck for now, but it will come. But I'm not sure why it's even on the Solar Winds thread, because there is, it would appear, absolutely no evidence they had anything to do with it.
JasonJ Posted December 22, 2020
9 minutes ago, Stuart Galbraith said: Yes, but we aren't a superpower. Inevitably the US, if it wants to maintain its world position, is on a collision course with Chinese and Russian ambitions. That Russia is actually trying to do something about that should surprise nobody. I've been pointing this out since 2014, and it's been entirely self-evident in any case since 2008. It should surprise nobody other than the willfully incredulous. As for China, it's a challenge the entire world can duck for now, but it will come. But I'm not sure why it's even on the Solar Winds thread, because there is, it would appear, absolutely no evidence they had anything to do with it.
https://www.tanknet.org/index.php?/topic/45190-solar-winds-data-breach/&do=findComment&comment=1510994
Nobu Posted December 22, 2020 (edited)
1 hour ago, Stuart Galbraith said: As for China, it's a challenge the entire world can duck for now, but it will come. But I'm not sure why it's even on the Solar Winds thread, because there is, it would appear, absolutely no evidence they had anything to do with it.
Interestingly, given his track record, I'd have thought Pompeo would have been the first in line to connect China and Chinese with the hack, and the first one at the high-level briefings on the hack to ask "How do you know they aren't?" This is assuming he is not some sort of imbecile and that his strong stance on China has not in fact been a charade, of course.
Edited December 22, 2020 by Nobu
glenn239 Posted December 22, 2020
1 hour ago, Stuart Galbraith said: Yes, but we aren't a superpower. Inevitably the US, if it wants to maintain its world position, is on a collision course with Chinese and Russian ambitions. That Russia is actually trying to do something about that should surprise nobody. I've been pointing this out since 2014, and it's been entirely self-evident in any case since 2008. It should surprise nobody other than the willfully incredulous. As for China, it's a challenge the entire world can duck for now, but it will come. But I'm not sure why it's even on the Solar Winds thread, because there is, it would appear, absolutely no evidence they had anything to do with it.
Given that the only possible way the US could lose its Great Power status would be in a nuclear war against Russia, this data breach might wind up having a silver lining if it causes deterrence and (grudging) mutual respect.
Stuart Galbraith Posted December 22, 2020
41 minutes ago, Nobu said: Interestingly, given his track record, I'd have thought Pompeo would have been the first in line to connect China and Chinese with the hack, and the first one at the high-level briefings on the hack to ask "How do you know they aren't?" This is assuming he is not some sort of imbecile and that his strong stance on China has not in fact been a charade, of course.
Exactly. That and the various intelligence services say Russia. Yes, there may be some other players in there, but the primary actor was spelt out clearly from the start.
Ivanhoe Posted December 23, 2020
6 hours ago, Stuart Galbraith said: Exactly. That and the various intelligence services say Russia. Yes, there may be some other players in there, but the primary actor was spelt out clearly from the start.
Which, in the case of cyberattacks, is often disinformation. The major state actors are known to configure their attacks to emulate the style of a different state actor.