Saturday, January 23, 2021 2:18:53 PM

Microsoft details how SolarWinds hackers hid their espionage

https://www.cyberscoop.com/solarwinds-hack-russia-spying-microsoft/

Attackers behind an espionage campaign that exploited software built by the federal contractor SolarWinds separated their most prized hacking tool from other malicious code on victim networks to avoid detection, Microsoft said Wednesday.

The findings make clear that, while the hackers have relied on a variety of tools in their spying, the tampered SolarWinds software functioned as the cornerstone of an operation that Microsoft described as “one of the most sophisticated and protracted” of the decade. Multiple U.S. federal agencies focused on national security have been breached in the campaign, which U.S. officials have linked to Russia.

The latest Microsoft research comes as influential security firms continue to come forward as victims of the hacking campaign. Malwarebytes said Tuesday that the same hacking group had apparently breached some of the firm’s internal emails by abusing access to Microsoft Office 365 and Azure software. Malwarebytes said it doesn’t use SolarWinds software, underscoring the array of attack vectors used in the campaign.

Access to SolarWinds’ network monitoring software, which is used by a range of Fortune 500 firms, would offer an attacker who manages to compromise the technology prime access to an organization’s sensitive data.

Researchers have since suggested that other groups will aim to adopt the SolarWinds hackers’ techniques for their own gain.

The attackers “apparently deem[ed] the powerful SolarWinds backdoor too valuable to lose in case of discovery,” Microsoft researchers said in their latest blog post. And so the spies ensured that the malicious code they used to move through victim organizations was “completely disconnected from the SolarWinds process,” the researchers said.

Moscow has denied involvement in the hacking campaign. Recovering from the breaches, and responding to the perpetrators, will be an early test for President Joe Biden’s administration.

The new Microsoft research also offers one of the more detailed timelines of the hacking operation, covering when the spies selected victims and prepared malicious software implants.

After the SolarWinds trojan was delivered to organizations, the attackers spent about a month pinpointing victims, according to Microsoft. As early as May 2020, the hackers were doing the “real hands-on-keyboard activity” of moving through victim networks for valuable data, Microsoft said.

The hackers were meticulous in covering their tracks. They prepared unique malicious code implants for each victim machine, according to Microsoft, and changed timestamps of the digital clues they left behind to complicate the recovery process for organizations. Microsoft called the former technique an “incredible effort normally not seen with other adversaries and done to prevent full identification of all compromised assets.”

That echoes what first responders at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency have told technology executives about the hacking campaign.

“One of the initial targets of their activity is to go after the incident responders and IT professionals in your organization, ostensibly to see if you’re conducting response activities to their activities,” a CISA official told industry executives in a call about the SolarWinds campaign this month.

“Your defenders are being explicitly targeted in a number of instances by the adversary…to see if the adversary needs to move.”
=================================================================
It seems quite disturbing that after all the ransomware, data breaches, cyber attacks and the SolarWinds hack, a technology that could REALLY help organizations has inexplicably been put on the back burner (Wave)!!! Using the status quo has resulted in many billions of dollars in cyber damage. It's time to take Wave off the back burner and put it on the launching pad!!!
=================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Excerpt:

With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
http://www.wavesys.com/

http://www.wavesys.com/contact-information

Contact Wave

Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
