Russia’s SolarWinds Attack
2020-12-28 12:21

It's an increasingly common way to attack networks.

Once inside a network, SVR hackers followed a standard playbook: establish persistent access that will remain even if the initial vulnerability is fixed; move laterally around the network by compromising additional systems and accounts; and then exfiltrate data.

Because any SVR hackers would establish persistent access, the only way to ensure that your network isn't compromised is to burn it to the ground and rebuild it, similar to reinstalling your computer's operating system to recover from a bad hack.

In recent years, the NSA has adopted a strategy of "persistent engagement," sometimes called "defending forward." The idea is that instead of passively waiting for the enemy to attack our networks and infrastructure, we go on the offensive and disrupt attacks before they get to us.

The SVR's access allows them not only to eavesdrop, but also to modify data, degrade network performance, or erase entire networks.


News URL

https://www.schneier.com/blog/archives/2020/12/russias-solarwinds-attack.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 98 74 35 240