Russia’s SolarWinds Attack
It's an increasingly common way to attack networks.
Once inside a network, SVR hackers followed a standard playbook: establish persistent access that will remain even if the initial vulnerability is fixed; move laterally around the network by compromising additional systems and accounts; and then exfiltrate data.
Because any SVR hackers would establish persistent access, the only way to ensure that your network isn't compromised is to burn it to the ground and rebuild it, similar to reinstalling your computer's operating system to recover from a bad hack.
In recent years, the NSA has adopted a strategy of "persistent engagement," sometimes called "defending forward." The idea is that instead of passively waiting for the enemy to attack our networks and infrastructure, we go on the offensive and disrupt attacks before they get to us.
The SVR's access allows them not only to eavesdrop, but also to modify data, degrade network performance, or erase entire networks.
News URL
https://www.schneier.com/blog/archives/2020/12/russias-solarwinds-attack.html