The SolarWinds Sunburst attack has been in the headlines since it was first discovered in December 2020.
As the so-called layers of the onion are peeled back, additional information regarding how the vulnerability was exploited, who was behind the attack, who is to blame for the attack, and the long-term ramifications of this type of supply chain vulnerabilities continue to be actively discussed.
Cybersecurity company Cynet is taking a needed step back to provide a full picture of the SolarWinds attack from start to finish in an upcoming webinar, "Lessons Learned from the SolarWinds SUNBURST Attack."
Information regarding many aspects of the attack has been coming out in pieces, but we haven't yet seen this type of comprehensive overview of the technical steps behind the full attack, as well as clear recommendations for protecting against similar future attacks.
And this is precisely what's needed so security professionals can gain insights on the attack tactics, technologies, and processes to apply the appropriate strategic defense measures to prevent being a victim of targeted supply chain attacks.
Evil, Yet Impressive
From their first stealthy access to the Solarwinds environment in September 2019, the hackers brilliantly staged and carried out an attack that ultimately led to the compromise of systems in over 40 government agencies, including the National Nuclear Security Administration (NNSA), the US agency responsible for nuclear weapons. Targets in other countries, including Canada, Belgium, Britain, and Israel, were also hit.
The Cynet webinar unpacks the attack to explain the build process used by the attackers and then highlights the capabilities of the Sunburst, Teardrop, and Raindrop malware used in the attack.
Then, Cynet reviews the clever "kill switch" capabilities built into the backdoor to help ensure that it would not be discovered by security analysts.
Also, the webinar discusses the many new vulnerabilities that were exposed in SolarWinds' software and their ramifications.
A Look Forward
With a full understanding of how the attack was carried out, we can then determine whether we're likely to see these types of supply chain attacks proliferate and whether nation-states are already targeting key suppliers.
Unfortunately, in a field where success begets success, it's all too certain that similar attack approaches are actively underway somewhere. Cynet also shares their perspective on this topic during the webinar.
Given that most companies do rely on third-party providers for much of their core software, what should they do to protect themselves? Especially given that these companies have little choice but to continue their use of third-party software that could potentially be weaponized, despite the best efforts of the third-party providers to protect themselves.
Cynet provides guidance on defense measures that should be applied to ensure you're not a victim of a supply chain attack even though you have no visibility or control over your supplier's security. It's important that companies come to realize that these trusted third-party relationships can, and have been, compromised. And action must be taken now.