Monday, April 12, 2021
NikolaNews

SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020

March 1, 2021
in Internet Privacy

As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years.

The password in question, “solarwinds123”, was originally believed to have been publicly accessible via a GitHub repository since June 17, 2018, before the misconfiguration was addressed on November 22, 2019.

But in a joint hearing on SolarWinds before the House Committees on Oversight and Reform and on Homeland Security on Friday, CEO Sudhakar Ramakrishna testified that the password had been in use as early as 2017.

A preliminary investigation into the attack found that the operators behind the espionage campaign had compromised the software build and code-signing infrastructure of the SolarWinds Orion platform as early as October 2019 in order to deliver the Sunburst backdoor. CrowdStrike’s incident response work later produced a revised timeline that placed the first breach of the SolarWinds network on September 4, 2019.

To date, at least nine government agencies and 100 private sector companies have been breached in what’s being described as one of the most sophisticated and well-planned operations that involved injecting the malicious implant into the Orion Software Platform with the goal of compromising its customers.

“A mistake that an intern made.”

“I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad,” Representative Katie Porter of California said. “You and your company were supposed to be preventing the Russians from reading Defense Department emails.”

“I believe that was a password that an intern used on one of his servers back in 2017 which was reported to our security team and it was immediately removed,” Ramakrishna said in response to Porter.

Former CEO Kevin Thompson echoed Ramakrishna’s statement during the testimony. “That related to a mistake that an intern made, and they violated our password policies and they posted that password on their own private GitHub account,” Thompson said. “As soon as it was identified and brought to the attention of my security team, they took that down.”

Security researcher Vinoth Kumar disclosed in December that he had notified the company of a publicly accessible GitHub repository that was leaking, in the clear, the FTP credentials of the company’s download website, adding that an attacker could use those credentials to upload a malicious executable and add it to a SolarWinds update.
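The lapse described above has two mechanically detectable parts: a credential committed to a repository in the clear, and a password that any reasonable policy would reject (it contains the company name, is a dictionary word plus digits, and uses only two character classes). What follows is an added example, not code from the article, from SolarWinds, or from the researcher quoted: a small Python scanner that flags credentials embedded in repository files (userinfo in URLs and password assignments in config files or scripts), skips deploy-time placeholders, and grades each recovered password against a simple policy. The repository contents, paths, hostnames and user names below are constructed for the example.

```python
"""Added example: scan repository files for leaked credentials and check the
recovered passwords against a simple policy.  Not code from the article or from
SolarWinds; the sample files, hostnames and user names below are constructed."""
import re
from dataclasses import dataclass, field
from typing import Dict, List
from urllib.parse import unquote

# Credentials embedded in a URL's userinfo, e.g. ftp://user:secret@host/path
URL_CRED_RE = re.compile(
    r"\b(?:ftps?|sftp|https?)://([^\s/:@]+):([^\s/@]+)@([^\s/]+)", re.IGNORECASE
)
# key = value assignments in config files and scripts
KV_CRED_RE = re.compile(
    r"\b(ftp_?pass(?:word)?|password|passwd|pwd)\b\s*[:=]\s*['\"]?([^\s'\"]+)",
    re.IGNORECASE,
)
# Values injected at deploy time (CI secret store, templating) are not secrets.
PLACEHOLDER_PREFIXES = ("${", "<", "%")


@dataclass
class Finding:
    path: str
    line: int
    kind: str          # "url-userinfo" or "config-assignment"
    secret: str
    policy_failures: List[str] = field(default_factory=list)


def password_policy_failures(password: str, org_names=("solarwinds",), min_length: int = 12) -> List[str]:
    """Return the reasons a password violates the policy; an empty list means it passes."""
    failures = []
    lowered = password.lower()
    if len(password) < min_length:
        failures.append(f"shorter than {min_length} characters")
    for name in org_names:
        if name.lower() in lowered:
            failures.append(f"contains organisation name '{name}'")
    if re.fullmatch(r"[a-z]+\d{1,4}", lowered):
        failures.append("a word followed by a few digits")
    classes = sum(bool(re.search(p, password)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]"))
    if classes < 3:
        failures.append("fewer than 3 character classes")
    return failures


def scan_text(path: str, text: str, org_names=("solarwinds",)) -> List[Finding]:
    """Scan one file's contents; returns one Finding per embedded credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in URL_CRED_RE.finditer(line):
            pw = unquote(m.group(2))   # URL userinfo may be percent-encoded
            findings.append(Finding(path, lineno, "url-userinfo", pw, password_policy_failures(pw, org_names)))
        for m in KV_CRED_RE.finditer(line):
            value = m.group(2)
            if value.startswith(PLACEHOLDER_PREFIXES):
                continue
            findings.append(Finding(path, lineno, "config-assignment", value, password_policy_failures(value, org_names)))
    return findings


def scan_repo(files: Dict[str, str], org_names=("solarwinds",)) -> List[Finding]:
    """files maps a repository path to its contents (e.g. each path from `git ls-files`, read as text)."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text, org_names))
    return findings


# Constructed sample repository (hypothetical paths, hosts and user names).
SAMPLE_REPO = {
    "deploy/upload.ps1": (
        "# pushes the build output to the download site\n"
        "$url = 'ftp://deployer:solarwinds123@downloads.example.com/releases/'\n"
    ),
    "config/settings.ini": "[ftp]\nhost = downloads.example.com\nuser = deployer\npassword = solarwinds123\n",
    "config/settings.ci.ini": "[ftp]\npassword = ${FTP_PASSWORD}\n",
    "README.md": "Deployment credentials are injected by the CI secret store.\n",
}

if __name__ == "__main__":
    for f in scan_repo(SAMPLE_REPO):
        verdict = "; ".join(f.policy_failures) or "policy ok"
        print(f"{f.path}:{f.line} {f.kind}: {f.secret!r} -> {verdict}")
```

Run against the constructed repository, the scanner reports the same password twice, once from the URL in the deployment script and once from the config file, and rejects it on three counts, while the CI variant that reads the secret from an environment placeholder produces no finding. In a real pipeline the same check belongs in a pre-commit hook or a CI job so the credential never reaches a public remote; once it has, treat it as compromised and rotate it regardless of how quickly the commit is removed.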

In the weeks following the revelation, SolarWinds was hit with a class-action lawsuit in January 2021 that alleged the company failed to disclose that “since mid-2020, SolarWinds Orion monitoring products had a vulnerability that allowed hackers to compromise the server upon which the products ran,” and that “SolarWinds’ update server had an easily accessible password of ‘solarwinds123’,” as a result of which the company “would suffer significant reputational harm.”

NASA and FAA Also Targeted

Up to 18,000 SolarWinds customers are believed to have received the trojanized Orion update, although the threat actor behind the operation carefully chose their targets, opting to escalate the attacks only in a handful of cases by deploying Teardrop malware based on intel amassed during an initial reconnaissance of the target environment for high-value accounts and assets.

Besides infiltrating the networks of Microsoft, FireEye, Malwarebytes, CrowdStrike, and Mimecast, the attackers are also said to have used SolarWinds as a jumping-off point to penetrate the National Aeronautics and Space Administration (NASA) and the Federal Aviation Administration (FAA), according to the Washington Post.

The seven other breached agencies are the Departments of State, Justice, Commerce, Homeland Security, Energy, Treasury, and the National Institutes of Health.

“In addition to this estimate, we have identified additional government and private sector victims in other countries, and we believe it is highly likely that there remain other victims not yet identified, perhaps especially in regions where cloud migration is not as far advanced as it is in the United States,” Microsoft President Brad Smith said during the hearing.

The threat group, alleged to be of Russian origin, is being tracked under different monikers, including UNC2452 (FireEye), SolarStorm (Palo Alto Unit 42), StellarParticle (CrowdStrike), and Dark Halo (Volexity).

“The hackers launched the hack from inside the United States, which further made it difficult for the U.S. government to observe their activity,” Deputy National Security Advisor Anne Neuberger said in a White House briefing last month. “This is a sophisticated actor who did their best to hide their tracks. We believe it took them months to plan and execute this compromise.”

Adopting a “Secure by Design” Approach

Likening the SolarWinds cyberattack to a “large-scale series of home invasions,” Smith urged the need for strengthening the tech sector’s software and hardware supply chains, and promoting broader sharing of threat intelligence for real-time responses during such incidents.

To that effect, Microsoft has open-sourced CodeQL queries used to hunt for Solorigate activity, which it says could be used by other organizations to analyze their source code at scale and check for indicators of compromise (IoCs) and coding patterns associated with the attack.

In a related development, cybersecurity researchers speaking to The Wall Street Journal disclosed that the suspected Russian hackers used Amazon’s cloud-computing data centers to mount a key part of the campaign, throwing fresh light on the scope of the attacks and the tactics employed by the group. The tech giant, however, has so far not made its insights into the hacking activity public.

SolarWinds, for its part, said it’s implementing the knowledge gained from the incident to evolve into a company that is “Secure by Design” and that it’s deploying additional threat protection and threat hunting software across all its network endpoints including measures to safeguard its development environments.


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)

© 2019 NikolaNews.com - Global Tech Updates