
© 2021 CyberNews - Latest tech news, product reviews, and analyses.


Perpetrators of the attack were likely after a few prized assets – CEO of SolarWinds

by Vilius Petkauskas
23 February 2021
in Security

The SolarWinds logo is seen outside its headquarters in Austin, Texas. Reuters / Sergio Flores


The group behind a global cyber-espionage campaign that compromised thousands of customers of US software maker SolarWinds was likely seeking out specific targets, Sudhakar Ramakrishna, the company’s CEO, said during Monday’s Center for Strategic and International Studies (CSIS) webinar.

Ramakrishna, who took over the company weeks after the attack, will head to Washington this week to take part in a Senate intelligence panel over a hack in December that allowed threat actors to exploit the company’s software and continuously compromise up to 18,000 of its customers for more than a year.

Patience and persistence

US officials suspect that Russia was likely behind the attack, deemed one of the largest in recent memory. Ramakrishna told the webinar’s online audience that the perpetrators’ intent was likely not to cause as much damage as possible.

“In this particular case, given the tools, techniques, and processes that they have been using and the attribution to a nation-state, I feel that they were after a few prized assets. In some cases, simply learning about those environments, and in some cases, trying to get something out of those environments from an intelligence standpoint,” he said.

Ramakrishna explained that the nature of the attack points to the people behind it being extremely patient and employing highly sophisticated tools. The whole strategy of staying dormant over an extended period of time points to careful premeditation.

For example, the company indicated that the attackers trained on older versions of software code, trying not to raise any alarms within the software provider’s systems and to avoid detection. Such behavior requires an understanding of the underlying procedures the developer community employs to combat threat actors: a ‘manual effort’ by the attackers to understand the victim.

“The high point here is that there wasn’t one single technique used, and it was a long-drawn-out process with a very deliberate focus on cleaning up after themselves at every step of the way. So that requires more manual focus and more deliberation and understanding of the environments,” he explained.

The CEO of SolarWinds pointed out that the prolonged nature of the attack and the suspected depth of resources behind it prevented the company’s security teams from detecting the threat and creating preventive countermeasures against the danger.

“When you’re hiding in plain sight, where the traditional tools that you deploy in an environment cannot identify them easily and simply, or even with a lot of sophistication, then that becomes much more difficult to identify,” Ramakrishna said.

Least privileged access

Sharing what the company has learned from the attack, Ramakrishna pointed to better integration of the communities developing and using the software, for example by creating an environment of least privileged access.

He explained that one of the key reasons why threat actors targeted the Orion platform was that gaining access to it subsequently allows them to gain administrative privileges on Windows servers.

“If you were to run that with lower privileges, even if an attacker found a way to gain control, you won’t be able to do as much damage because you are a regular user, and you’re not an administrator of that network,” he said.

Ramakrishna said the company was focused on developing a ‘secure by design’ approach, with increased testing capability and a focus on reaching out to customers that use its product. One way to increase resilience to future cyberattacks would be to provide additional security components such as hardening and configuration guides.

“It is our obligation to work with the ecosystem where the customers do not have to face the burden of having to do all of those. And we, as vendors, are collaborating alongside the government to provide more protected and protective environments for our customers,” the CEO of the company explained.

Costly silence

Ramakrishna pointed out that one of the less software-focused matters making the clean-up process more difficult is that some victims of the attack are reluctant to come forward and admit that their systems were penetrated.

“A lot of victims very early on in this conversation are hesitant to come out about exfiltration of data or attacks or information. And that is, that could be because of liability concerns and other potential punitive concerns,” he said during CSIS’s event.

According to Ramakrishna, the government could intervene to prevent such fears by providing regulation that allows companies to come forward without fearing repercussions. Delays in reporting breaches, he said, stifle the ability and speed at which governments and developers can respond to the attacks.

“What we need to provide is the liberty and liberation needed to come out and speak about it. Because the more of us in the community that can create essentially the notion of a community vigil, so to speak, the more protected we are going to feel,” he said.
