Security News > 2020 > December > Russia’s SolarWinds Attack

Russia’s SolarWinds Attack
2020-12-28 12:21

It's an increasingly common way to attack networks.

Once inside a network, SVR hackers followed a standard playbook: establish persistent access that will remain even if the initial vulnerability is fixed; move laterally around the network by compromising additional systems and accounts; and then exfiltrate data.

Because any SVR hackers would establish persistent access, the only way to ensure that your network isn't compromised is to burn it to the ground and rebuild it, similar to reinstalling your computer's operating system to recover from a bad hack.

In recent years, the NSA has adopted a strategy of "Persistent engagement," sometimes called "Defending forward." The idea is that instead of passively waiting for the enemy to attack our networks and infrastructure, we go on the offensive and disrupt attacks before they get to us.

The SVR's access allows them not only to eavesdrop, but also to modify data, degrade network performance, or erase entire networks.


News URL

https://www.schneier.com/blog/archives/2020/12/russias-solarwinds-attack.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 102 81 51 267