Well, on the bright side, the SolarWinds Sunburst attack will spur the cybersecurity field to evolve all over again
Perhaps the most chilling aspect of the attack was how it propagated itself by installing itself as part of SolarWinds' standard distribution and update system.
As with so many complex infrastructure compromises, it doesn't really matter and knowing the answer won't do much to help understand the scope of the attack or the damage done.
A parallel pipeline that rebuilds everything continually and checks against the live files, with significant isolation from the production network and a second-pair-of-eyeballs policy for checking files in, could be made quite resilient to external attack.
Is that approach proportionate? Is it itself robust against attack? Would it catch the sort of mishap - SolarWinds build system FTP credentials being published in a repo - that may have led to Sunburst being opportunistically created? Does a company where that happens have bigger problems? Supply your own answers.
There's little doubt that the growth of automated, continual distribution and patch systems brings up security problems of their own that, in today's very dynamic, adversarial infosec environment, need to be considered afresh.
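The comparison step of the parallel rebuild pipeline described above can be sketched as follows. This is an added example, not code from the article or from SolarWinds: it assumes the build is reproducible bit for bit, and the function names, directory layout and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def digest_tree(root):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_release(rebuilt_root, live_root):
    """Compare an isolated rebuild against the files actually being distributed."""
    rebuilt = digest_tree(rebuilt_root)
    live = digest_tree(live_root)
    shared = rebuilt.keys() & live.keys()
    return {
        # Same path, different bytes: the shipped file is not what the source produces.
        "modified": sorted(p for p in shared if rebuilt[p] != live[p]),
        # The rebuild produced it but the distribution point does not carry it.
        "missing_from_live": sorted(rebuilt.keys() - live.keys()),
        # Shipped to customers but not produced by the checked-in source.
        "unexpected_in_live": sorted(live.keys() - rebuilt.keys()),
    }


def demo():
    """Build two constructed trees and return the comparison result."""
    sample = {  # constructed sample content, not real product files
        "bin/agent.bin": b"agent v1",
        "conf/default.cfg": b"interval=60\n",
        "docs/README.txt": b"readme",
    }
    with tempfile.TemporaryDirectory() as tmp:
        rebuilt, live = Path(tmp, "rebuilt"), Path(tmp, "live")
        for root in (rebuilt, live):
            for rel, data in sample.items():
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        # Simulate drift between the source of record and the live distribution.
        (live / "bin/agent.bin").write_bytes(b"agent v1 + extra code")
        (live / "bin/helper.bin").write_bytes(b"not in source")
        (live / "docs/README.txt").unlink()
        return compare_release(rebuilt, live)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Any non-empty list is a reason to stop distribution and investigate; the check only has value if the rebuild host and its source checkout are isolated from the production build system it is auditing.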
News URL
https://go.theregister.com/feed/www.theregister.com/2020/12/21/solarwinds_sunburst_evolve/