
Microsoft and industry partners seize key domain used in SolarWinds hack

December 16, 2020

Microsoft and a coalition of tech companies have intervened today to seize and sinkhole a domain that played a central role in the SolarWinds hack, ZDNet has learned from sources familiar with the matter.


The domain in question is avsvmcloud[.]com, which served as the command and control (C&C) server for malware delivered to around 18,000 SolarWinds customers via a trojanized update for the company’s Orion app.

SolarWinds Orion update versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, contained a strain of malware named SUNBURST (also known as Solorigate).

Once installed on a computer, the malware would sit dormant for 12 to 14 days and then ping a subdomain of avsvmcloud[.]com.

According to analysis from security firm FireEye, the C&C domain would reply with a DNS response that contained a CNAME field with information on another domain from where the SUNBURST malware would obtain further instructions and additional payloads to execute on an infected company’s network.
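An added example, not from the original article or from FireEye or Microsoft: a Python triage pass over resolver logs that finds internal hosts which looked up a name under avsvmcloud[.]com and ranks first those that were answered with a CNAME, the reply type described above. The CSV log layout, the sample rows and the function names are constructed for illustration.

```python
import csv
import io

C2_DOMAIN = "avsvmcloud.com"  # written defanged on the page as avsvmcloud[.]com

# Constructed sample log (assumed layout): time, client, qname, answer type, answer data
SAMPLE_LOG = """\
2020-06-01T10:00:00Z,10.0.0.5,a1b2c3.avsvmcloud.com.,A,192.0.2.10
2020-06-01T10:05:00Z,10.0.0.7,d4e5f6.AVSVMCLOUD.com,A,192.0.2.10
2020-06-01T11:05:00Z,10.0.0.7,g7h8i9.avsvmcloud[.]com,CNAME,stage2.example.net.
2020-06-01T11:06:00Z,10.0.0.9,notavsvmcloud.com,A,192.0.2.20
2020-06-01T11:07:00Z,10.0.0.9,avsvmcloud.com.example.org,A,192.0.2.30
2020-06-01T11:08:00Z,10.0.0.8,updates.example.com,A,192.0.2.40
"""

def normalize(name):
    """Lower-case, re-fang '[.]' and drop the trailing root dot."""
    return name.strip().lower().replace("[.]", ".").rstrip(".")

def is_c2_name(qname):
    """Match the domain or anything below it, on a label boundary only."""
    name = normalize(qname)
    return name == C2_DOMAIN or name.endswith("." + C2_DOMAIN)

def triage(log_text):
    """Return {client: {"beacons": n, "cnames": [targets]}} for C2 lookups."""
    hosts = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:          # skip blank or malformed lines
            continue
        _ts, client, qname, rtype, rdata = row
        if not is_c2_name(qname):
            continue
        entry = hosts.setdefault(client, {"beacons": 0, "cnames": []})
        entry["beacons"] += 1
        if rtype.strip().upper() == "CNAME":
            entry["cnames"].append(normalize(rdata))
    return hosts

def prioritise(hosts):
    """Hosts that received a CNAME answer sort first, then by address."""
    return sorted(hosts, key=lambda h: (not hosts[h]["cnames"], h))

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for host in prioritise(found):
        print(host, found[host])
```

A host that only appears with beacon lookups still has the first-stage malware installed; the CNAME ranking only decides which machines to examine first.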

Takedown to prevent last-ditch hacks

Earlier today, a coalition of tech companies seized and sinkholed avsvmcloud[.]com, transferring the domain into Microsoft’s possession.

Sources familiar with today’s actions described the takedown as “protective work” done to prevent the threat actor behind the SolarWinds hack from delivering new orders to infected computers.

Even though the SolarWinds hack became public on Sunday, the SUNBURST operators still had the ability to deploy additional malware payloads on the networks of companies that failed to update their Orion apps and still had the SUNBURST malware installed on their networks.

In SEC documents filed on Monday, SolarWinds estimated that at least 18,000 customers installed the trojanized Orion app update and most likely have the first-stage SUNBURST malware on their internal networks.

However, the hackers do not appear to have taken advantage of all these systems and only carried out a handful of carefully orchestrated intrusions into the networks of high-profile targets.

This was confirmed in a report on Monday from US security firm Symantec, which said that it discovered the SUNBURST malware on the internal networks of 100 of its customers, but it did not see any evidence of second-stage payloads or network escalation activity.

Similarly, Reuters also reported on Monday, confirmed with independent sources by ZDNet, that many companies that installed the trojanized Orion app update did not discover evidence of additional activity and escalation on internal networks, confirming that hackers only went after high-profile targets.

Since Sunday, when the SolarWinds hack came to light, the number of confirmed victims has grown to include:

  • US cybersecurity firm FireEye
  • The US Treasury Department
  • The US Department of Commerce’s National Telecommunications and Information Administration (NTIA)
  • The Department of Health’s National Institutes of Health (NIH)
  • The Cybersecurity and Infrastructure Agency (CISA)
  • The Department of Homeland Security (DHS)
  • The US Department of State

Sinkholing efforts underway to discover all victims

Currently, the avsvmcloud[.]com domain redirects to an IP address owned by Microsoft, with Microsoft and its partners receiving beacons from all the systems where the trojanized SolarWinds app has been installed.

This technique, known as sinkholing, is allowing Microsoft and its partners to build a list of all infected victims, which the organizations plan to use to notify all affected companies and government agencies.

“This is not the first time a domain associated with malware has been seized by international law enforcement and even by a provider,” ExtraHop CTO Jesse Rothstein told ZDNet in an email, referring to Microsoft’s previous takedown and sinkholing efforts against the Necurs and TrickBot botnets.

Current takedown and sinkholing efforts also include representatives for the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, looking to find other US government agencies that might have been compromised.

Due to SolarWinds’ extensive US government clientele, government officials are treating the SolarWinds compromise as a national security emergency. A day before the SolarWinds breach became public, the White House held a rare meeting of the US National Security Council to discuss the hack and its repercussions.

Indicators of compromise and instructions on how to discover and deal with a SUNBURST malware infection are available from Microsoft, FireEye, and CISA.

Credit: ZDNet
