Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy



If ever there was something to ruin Christmas in the cybersecurity industry, it's a devastating data breach that is on track to become the largest cyberespionage event affecting the US government on record.

The SolarWinds attack is far reaching, with threat actors having initially breached the software as early as mid-2019. This months-long heist was discovered in December 2020 after the scheme was used to infiltrate the prominent cybersecurity firm FireEye, and the nightmare unraveled from there. The full scope of the breach is still being investigated, but key areas of infiltration include the US Departments of State, Homeland Security, Commerce, and the Treasury, in addition to the National Institutes of Health.

This incident is going to have ongoing aftershocks, but the sheer sophistication of it is fascinating. At a technical level, it is a multilayered infiltration involving custom malicious tooling, backdoors, and cloaked code, far beyond the skill of script kiddies we so often see exploiting more obvious errors.

Code Laundering at Its Best Worst
CrowdStrike has done more of their genius work in reverse-engineering the exploit and detailing the findings for all to see. It has now come to light that SolarWinds was the victim of an infrastructure breach that allowed malicious code to be injected into its software updates, resulting in at least four separate malware tools opening up unprecedented access for the threat actors.

The method was covert, allowing for a strategic precision that seems straight out of a Jason Bourne novel. It bought time to sniff around, plan, and strike victims outside of the SolarWinds network exactly when they wanted, in a comprehensive supply chain attack. And it was all carried out with code that looked completely benign.

Cyberattacks are often the result of simple, yet costly, errors. Once discovered, the mistakes are fairly obvious: think a poorly configured network, passwords stored in plaintext, or unpatched software that sits vulnerable to known exploits. In this case, the code didn't stand out at all, and not just to developers and security engineers. A wide array of expensive, complex security technology failed to detect it too.

Tools Rendered Virtually Useless
Security professionals are aided in their quest to safeguard enormous amounts of company data, software, and infrastructure by a technology stack that is customized to the security needs of the business. This usually takes the form of components like network firewalls, automated penetration testing, and monitoring and scanning tools, with the latter soaking up a lot of time in the software development process. This tooling can quickly spiral and become unruly to manage and execute, with many companies using upward of 300 different products and services.
