7

Security at SolarWinds likely to come up later on: ex-NSA hacker

 3 years ago
source link: https://www.itwire.com/security/security-at-solarwinds-likely-to-come-up-later-on-ex-nsa-hacker.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Tuesday, 22 December 2020 09:50

Security at SolarWinds likely to come up later on: ex-NSA hacker Featured

By Sam Varghese

Jake Williams: "SolarWinds Orion was the first that was truly as good as it is. It's nearly idiot-proof compared to its competitors at the time it achieved mass market share."

Jake Williams: "SolarWinds Orion was the first that was truly as good as it is. It's nearly idiot-proof compared to its competitors at the time it achieved mass market share." Supplied

Federal authorities are likely to be looking into security practices at Texas-based SolarWinds and would have secured evidence during a raid on their offices in the wake of the revelations about cyber attacks being launched using the company's supply chain as a vector, a senior infosec practitioner says.

Jake Williams, a former NSA hacker and member of the agency's now disbanded Tailored Access Operations group, told iTWire in response to queries that SolarWinds had said it was working with an outside firm to find out the details of the attack.

The attack came to light this month soon after cyber security firm FireEye announced on 9 December AEDT that it had been compromised and had its Red Team tools stolen.

Five days later, FireEye issued details about attacks using malware which it called SUNBURST, which it said had been used to hit both private and public entities, by corrupting the Orion network management software, a product of SolarWinds.

A number of US Government departments — Homeland Security and Treasury among them — have been named as being affected. FireEye, too, appears to have been a victim. The Orion software has very wide usage in the US and also in Britain.

A Yahoo! News report on Saturday claimed the attackers had been inside SolarWinds' system since at least mid-2019.

Williams, who now runs his own security outfit, Rendition Infosec, said there had been no discussion about security at SolarWinds, "probably because we're too busy responding to the aftermath to worry about reviewing SolarWinds' security: a 25-metre target vs something much further down the road".

Asked about the widespread use of Orion and whether there were no products as good as it in the market, he said, while there were other products that measured up today, "SolarWinds Orion was the first that was truly as good as it is. It's nearly idiot-proof compared to its competitors at the time it achieved mass market share".

As to whether Orion had gained its widespread use because of connections, Williams responded: "Once you secure first mover advantage, there's definitely inertia. CIO and CISO were barely positions when Orion became popular.

"Many of the people holding those positions today actually used Orion in their day, so it's an easy sell."

Williams cautioned people about the fact that were likely to be other software supply chain compromises going on right now, while the discussion about SolarWinds was taking place.

"I'll bet that they're not as large in scope as Orion, but this isn't even the first targeting IT management software," he said.

"Take a look at the ShadowPad attacks from a few years ago. This works, and attackers will come back to what works."

ShadowPad is a backdoor that was found in software created by a company called NetSarang and discovered by Russian security firm Kaspersky. The backdoor was embedded in one code library, nssock.dll.

In the case of Orion, the compromised component was named as SolarWinds.Orion.Core.BusinessLayer.dll, a digitally signed part of the software. This contained a backdoor that communicated with third-party servers using HTTP.

Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK