Security News
Microsoft, FireEye, and GoDaddy have collaborated to create a kill switch for the SolarWinds Sunburst backdoor that forces the malware to terminate itself. As part of a coordinated disclosure with Microsoft and SolarWinds, FireEye released a report on Sunday with an analysis of the supply chain attack and how the Sunburst backdoor operates.
Trojanized versions of SolarWinds' Orion IT monitoring and management software have been used in a supply chain attack leading to the breach of government and high-profile companies after attackers deployed a backdoor dubbed SUNBURST or Solorigate. SolarWinds' customer listing [1, 2] includes over 425 of the US Fortune 500, all top ten US telecom companies, hundreds of universities and colleges, all five branches of the US Military, the US Pentagon, the State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States.
The motive and the full scope of what intelligence was compromised remains unclear, but signs are that adversaries tampered with a software update released by Texas-based IT infrastructure provider SolarWinds earlier this year to infiltrate the systems of government agencies as well as FireEye and mount a highly-sophisticated supply chain attack. "The compromise of SolarWinds' Orion Network Management Products poses unacceptable risks to the security of federal networks," said Brandon Wales, acting director of the US Cybersecurity and Infrastructure Security Agency, which has released an emergency directive, urging federal civilian agencies to review their networks for suspicious activity and disconnect or power down SolarWinds Orion products immediately.
Kevin Thompson, SolarWinds president and CEO, said his company is "Aware of a potential vulnerability" that may have been in "Updates which were released between March and June 2020 to our Orion monitoring products." The vandalized SolarWinds code is said to have been exploited by miscreants to sneak into networks within the US government bodies, among them the Treasury and the Department of Commerce's telecoms agency NTIA, where Orion is used.
FireEye breach: State-sponsored attackers stole hacking toolsU.S. cybersecurity company FireEye has suffered a breach, and the attackers made off with the company's RedTeam tools, FireEye CEO Kevin Mandia has disclosed. Key cybersecurity problems expected to mark 2021After a year in which COVID-19 upended the way we live, work and socialize, we are likely to see an increased threat from ransomware and fileless malware in 2021, according to ESET. How Kali Linux creators plan to handle the future of penetration testingOffensive Security might best known as the company behind Kali Linux, the popular open-source pen testing platform, but its contribution to the information security industry is definitely not limited to it.
Reading the proprietary FireEye information can help the adversary understand what parts of the attacker's arsenal has been figured out by FireEye and what hasn't, thereby providing invaluable intelligence that can be used to refine the attacker's arsenal. Reading FireEye's playbook may also provide the nation-state actor clues on new tools they should develop to neutralize FireEye tools and tactics, techniques and procedures.
FireEye, one of the largest cybersecurity firms in the world, said on Tuesday it became a victim of a state-sponsored attack by a "Highly sophisticated threat actor" that stole its arsenal of Red Team penetration testing tools it uses to test the defenses of its customers. Red Team tools are often used by cybersecurity organizations to mimic those used in real-world attacks with the goal of assessing a company's detection and response capabilities and evaluating the security posture of enterprise systems.
On Tuesday, security firm FireEye revealed that it was hit by a state-sponsored cyberattack through which the attackers stole its Red Team tools, a collection of scripts, scanners, and techniques used to train clients on how to improve their security defenses. The attackers operated clandestinely using tactics that counter security defenses and examination, and ones that Mandia said were not seen by FireEye or its partners before.
During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers' security. These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers.
U.S. cybersecurity company FireEye has suffered a breach, and the attackers made off with the company's RedTeam tools, FireEye CEO Kevin Mandia has disclosed on Tuesday. "The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past."