15 Dec 2020

Every day, the information we learn about the FireEye hack just keeps getting worse.

Last week we wrote about the hack occurring; yesterday we reported that not only was FireEye impacted, but the US government was as well, along with businesses and other governments across the globe; and today, we are starting to understand the full scope of the attack, and it’s not pretty.

In fact, it now appears that around 18,000 entities were victims of this particular attack. As we mentioned yesterday, the hackers were able to worm their way into systems via the Austin, Texas-based software tools provider, SolarWinds. While it has not been 100% proven, it appears that the most likely culprit was Cozy Bear, a Russian Federal Security Service (FSB) hacking group, though they are, not surprisingly, denying any responsibility.

The responsible party, who is clearly extremely sophisticated, used a SolarWinds software update to infect selected victims via a backdoored version of SolarWinds’ Orion network management tool (the backdoor is now being called “Sunburst”). According to a document filed yesterday by SolarWinds, the hackers then used Sunburst to infect customers who installed an update between March and June of this year… which was approximately 18,000 of their 300,000 customers.

What Happened?

Orion was extremely appealing to Cozy Bear for a multitude of reasons. First of all, the infected tool is widely used and seemingly innocuous, as its job is to manage network devices, like routers, within organizations, many of which are rather large. Additionally, the software is afforded a high level of privilege across multiple networks, so gaining control of it would be (and was) very advantageous.

According to one of FireEye’s releases on Sunday, there was also a digitally signed component of the Orion framework containing Sunburst whose job was to communicate directly with servers controlled by the hackers. To make matters worse, Sunburst was written specifically to conceal the identity of the hackers, not only by remaining dormant for several weeks but also by blending in seamlessly with actual SolarWinds data traffic.

Taking Control

But that’s not all they did. While Sunburst didn’t give the hackers FULL control over the networks and devices, the access granted was still significant, and the cybercriminals were able to leverage additional sophisticated techniques to get even deeper. For example, they were able to steal signing certificates that gave them the ability to mimic the victims’ accounts AND users via the Security Assertion Markup Language (SAML), which is used to exchange crucial authentication and authorization information with service providers.

Unfortunately, attacks on the supply chain can be really difficult to mitigate due to their wide reach, and it may be unclear for a while still just how many suppliers were attacked. That being said, CISA has released an Emergency Directive to assist companies who fear they may have fallen victim to this attack, and FireEye has posted a list of measures you can use to check whether you have been impacted. This also emphasizes just how important cyber security measures in the supply chain are for our national security and reaffirms the need for regulations such as CMMC and NIST SP 800-171.

As always, if you have concerns of your own, feel free to contact us by calling 919-422-2607, or schedule a free online consultation today. Chances are, if you have questions, you’re likely not ready for this kind of attack, and remember – hackers have NO shame.

Stay safe out there.
