The SolarWinds Hack Explained | Cybersecurity Advice
- Published: 13 Sep 2024
- You’ve probably heard about the latest major cyber attack, hitting organizations through a malicious code injection in a SolarWinds product. There’s a lot to it. Thankfully, CBT Nuggets trainer Keith Barker (@KeithBarker) is here to break down some of the details -- how it happened, how the perpetrators did it, and what can be done to prevent incidents like this from happening again.
Check out a detailed explanation of the SolarWinds Advanced Persistent Threat (APT) attack and other intrusion tactics on our blog: blog.cbt.gg/t9p
Not a CBT Nuggets subscriber? Start your free week: cbt.gg/2I5NxY1
-----------------
FireEye, one of the world’s leading cybersecurity firms, announced on December 8th, 2020, that state-sponsored hackers had broken into their systems and stolen their penetration testing tools. This was the first discovery of the sweeping cyberattack, built on malware they call “SUNBURST.” FireEye also discovered that they weren’t alone -- SolarWinds’ Orion update servers had been corrupted and weaponized by the very same hackers, affecting 18,000+ private and government organizations, going back to spring of 2020.
At this point, no one can be certain how many customers this has affected, but it was easily one of the biggest cyberattacks of the decade. This massive breach impacts critical U.S. government agencies, including the Departments of State, Homeland Security, Energy, Treasury, and Commerce, the Pentagon, and the National Institutes of Health.
International technology companies in the private sector weren’t spared either, as Cisco, Intel, Nvidia, Belkin, and VMware were all targeted as well.
-----------------
Connect with CBT Nuggets for the latest in IT training:
Twitter - / cbtnuggets
Facebook - / cbtnuggets
Instagram - / cbtnuggets
LinkedIn - / cbt-nuggets
#solarwinds #cybersecurity #cyberattack
Keith Barker demystifying IT with CBT Nuggets since 2012. Best video on RUclips about the Solar Winds attack.
I haven't heard your voice since I was studying for SY0-301... Nice video & thanks for helping me pass that btw lol...
Same here (: Did my CCNA in 2014 and was going through the course by him, loved the way he presented it
@@stungun3009 It's great. I decided to read the comments then; I'm only 15, but I was hoping to get the certs for being in IT or otherwise.
keith is the best at teaching anything IT related hands down
Keith Baker. The GOD of IT. Greatest of all Time. With an unmistakable voice
I wouldn't call him GOD, but he is the BEST IT trainer in the world.
I am your student. I learned Check Point and F5 from your videos; they have greatly improved my productivity. Thanks.
Thanks, Instructor Barker for explaining the Solar winds hack in a simplified way for a layman to understand. Understood the terms supply chain attack much more clearly from your video.
Thank you once again :)
Always a pleasure to listen to Keith
Best video on the subject, really clear and precise. Nice for someone to start on this topic.
Hi Keith, can you share a link to a video or documents where I can learn SolarWinds ARM (Access Rights Manager), please? Thanks in advance.
Good explanation. The tips at the end are a bit odd, as they are aimed at general users while you were explaining a supply chain attack, where this should not help you as the user. Still good to keep repeating, though.
i agree.
He is saying this because likely an individual's password security was the cause of the supply chain infiltration.
As always the one and awesome @Keith Barker
Your channel really should be getting more views than it is... guys, for real, share this around and let's get this dude some more views...
This is why the Privileged account management becomes the top priority for CISOs
2021 and this dude is still a rockstar IT!
Very informative in clear understandable detail. Thanks for sharing, just subscribed...
Interesting Name. Dunno much about Computers....yet...but one THING DO KNOW.....The SUN is the HARDEST HARDWARE in our SOLAR SYSTEM...But is it the SOFTWARE as well or is it PLUTO ???
Thanks for the info, nice video good job man
Thanks Keith! You just saved me hours of research!💞
Thanks for the nice explanation
I have a koozie, "I drink because your password is password." I'm going to have to make a new one, "I drink because your password is solarwinds123."
Breve y Conciso (in my mother language means Short & Concise).
We have outsourced all aspects of software development for decades now. Because the US based programmers are expensive. Well, quite frequently you get what you paid for, cheap labor gets you crappy software. Once in a while you get security breaches, just like the SolarWinds one, whose software was developed in countries that used to be part of the Eastern Bloc. Places where Russians have large presence. It's like begging to be hacked. Will we ever learn?
great explanation! youre my fav teacher on cbt always so cheery i dig it :)
A zero day attack?
Our company is not using SolarWinds products.
Thx Keith, I've been asking this question everywhere and no one gave me a response, even a simple one. Thx friend.
Hey Keith I’d also add to your recommendations, clicking on buttons or links through seemingly recognizable icons, even the time at which the website is displayed, all these things can be decorated and sincerely cybersecurity is the nearest subject we can personify as Pandora’s box
Did they patch this issue? (I know a UK Defence research company that was using this no names back in 2016 don't know if they jump to another vendor as there was talk back in 2016 lets hope so!)
Awesome summary of what you explain at the end of your video. Thank you so much!
Amazing video sir you explain in a very simple way.
I use Solar PuTTY and wondered if perhaps it too was compromised....
Liked and Subbed. 🎉
I think what would have helped the most is having some dependency scanning or SAST/DAST in their CI/CD pipeline.
The hackers played smart...their malware was dormant for some time even after they got it in for AV evasion.
Bro you’re awesome... I wish I knew earlier that you were on youtube too
And... Always wear a mask when installing software updates.
Big fan of yours, sir!
Recommendations on password was helpful.
Password manager is a bad solution. If someone gets access to your passwd manager, they can steal all your saved passwords. Also people tend to set weak passwords for passwords managers believing that now that they keep passwords in a manager, then they are safe.
Perhaps can set a Passphrase for your Master Password for your Password Manager.
Be careful about xhina.
Why???
BATMAN 👑
Hey what if i attain my ccna,ccnp,ccie(security) in one year 2021? Sounds good
Good explanation Keith. Nice production as well. Zscaler approved! :-)
Hello,
Can i get some reference links for how they compromise update server.
Great video
Love it. Great video, awesomely put together.
Great video ☺️
Thank you for the info!
They couldn't just modify update files on the FTP server as the malicious update was signed. I suspect compromise of a code repository.
short and crisp!!
So r these attackers very advanced or not so very advanced ? The suspect pool just increased exponentially
Wow 2:53
3 YEARS AGO TODAY HOMELAND SECURITY
What can you do if you did download apps from untrusted sources?
Well explained Keith. Thanks for the explanation!
Some of these supply chain/3rd party companies are too big. To rely and "hope" their security when they have so much access to your network is a little crazy.
Thank U
Where can I purchase the shirt??
Awesome
Security Advisory: (Updated 12/24/20) SolarWinds asks ALL ORION PLATFORM CUSTOMERS to update their Orion Platform software as soon as possible to help ensure the security of your environment. More information is available in our Security Advisory and FAQ pages.
ETHICAL HACKER
A.K.A BATMAN 👑
SECTION 2: Firewall Torture
No engineer worth their salt would store credentials in source control...
You would if you are using a tool like Ansible or Puppet to deploy code but then it should be encrypted.
An example would be AWS access keys that you are keeping updated with Puppet or Ansible. But also I guess there are better solutions from AWS so you don't have to use access keys, such as having a role that you assign to an EC2 instance. Then you don't have to use access keys on the server. The role has the permissions, and roles can be applied to an EC2 instance. Any code running on the instance then has the permissions that are assigned to the role.
@@UrbanGuitarLegend Yes, as long as it's encrypted it's mostly fine... I think generally the preferred approach would be integrating with Vault or something similar.
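The thread above is about keeping AWS access keys out of source control. As an added example (not code from the video, from CBT Nuggets, or from SolarWinds), here is a small scanner that flags hardcoded AWS access key IDs and secret keys in text such as an Ansible or Puppet vars file; the sample file content is constructed and uses AWS's documented example key values.

```python
import re

# Access key IDs are 20 characters starting with AKIA (long-term) or ASIA (temporary).
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret keys are 40 base64-ish characters; only flag them next to a secret-looking name
# to keep false positives down.
SECRET_KEY_RE = re.compile(
    r"(?i)(aws_secret_access_key|secret[_-]?key|secret)\s*[:=]\s*['\"]?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

# Constructed sample: a vars file with a hardcoded key pair (the anti-pattern in the thread).
SAMPLE_VARS_FILE = """# deploy vars (constructed sample)
aws_access_key_id: AKIAIOSFODNN7EXAMPLE
aws_secret_access_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# preferred: rely on the EC2 instance profile role instead; nothing to store here
region: us-east-1
"""


def redact(value):
    """Keep enough of the value to locate it in the file without reproducing it."""
    return value[:4] + "*" * (len(value) - 4)


def find_aws_credentials(text):
    """Return one finding per hardcoded AWS credential: (line number, kind, redacted value)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in ACCESS_KEY_RE.finditer(line):
            findings.append((lineno, "aws_access_key_id", redact(match.group(0))))
        for match in SECRET_KEY_RE.finditer(line):
            findings.append((lineno, "aws_secret_access_key", redact(match.group(2))))
    return findings


def is_clean(text):
    """True when no AWS credential material was found, e.g. for use as a pre-commit gate."""
    return not find_aws_credentials(text)


if __name__ == "__main__":
    for lineno, kind, hint in find_aws_credentials(SAMPLE_VARS_FILE):
        print(f"line {lineno}: {kind} found ({hint}); move it to Vault or use an instance role")
```

A check like this belongs in the CI pipeline or a pre-commit hook, so the key never lands in the repository in the first place.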
Great .... the black bug is still crawling along your bed line... !
using too popular tools is a big security risk
I’m so paranoid right now that I’m using EMail inside a VM.
Lol don’t lie
BATMAN 👑
It's crazy how many people fall for these tricks even though we hear the same warnings all the time. That shows you that hackers are getting more sophisticated everyday. #StayFrosty
Spooky stuff.
#DMOBILE
A few Questions: Are there many SolarWinds Orion users in Russia? Who are they?
If there are some users in Russia, why would an enemy of America use American network management software?
SolarWinds Orion is used by over 300,000 customers across the globe; some of those will probably be in Russia.
Many companies use software or hardware made in what you call "enemy" countries. This is because we live in a global economy, and that is what drives the usage. Around 85% of Russian desktop systems run on a Microsoft operating system.
gs.statcounter.com/os-market-share/desktop/russian-federation
Total OS usage gs.statcounter.com/os-market-share/all/russian-federation
I still need to understand that when the malware was downloading then what was the anti-virus doing?
This is not your typical malware, this was very stealthy and was not known by any AV products so would not be detected.
A number of things made the attackers' code stealthy.
It was signed with valid certs.
It lay dormant for 12-14 days before activating.
It would also check what security tools were being run and would not run its main code if it detected certain EDR software running.
It would check to see if the target device had malware investigation tools installed and again would not run.
Its C&C used steganography techniques to hide its commands inside its traffic.
So, it's not your typical malware.
@@SteveGillham ok 👍
@@SteveGillham excellent explanation amigo :-) gracias
Only one way to ensure Cyber Security after a compromise
ReMove all Systems from the Net, which includes all wireless access points
ReBoot all systems
ReLoad all systems with verifiable Known clean virgin software and firmware
After the ReBoot, and ReLoad, an assessment of the System integrity must be evaluated before going live online
Basically you've given up your whole infrastructure of systems, and cyber security, and networking.
With a plausible corruption or intrusion by Unknown forces...
Now your infrastructure that has been compromised will become as a State of National untrustworthiness of hardware and software, never to be trusted again!
Boom there goes your infrastructure of computing Systems! 💥
I hope this comment has gotten you And I like to thank you for sharing ☺️
Hi Keith, it sounds like SolarWinds is a pure victim. How about the Dominion? Thanks.
There was nothing wrong with Dominion software, that was all just false claims.
Conspiracy theorists are attempting to link a large-scale hack of U.S. federal agencies to debunked claims of widespread voter fraud.
www.dominionvoting.com/latest-news-dominion-statement-on-dhs-advisory-regarding-solarwinds-orion-platform/
@@SteveGillham lool Dominion have been caught lying, wouldn't trust that
@@jordanheaver6286 And your comment just shows how easily you have been caught up in the conspiracy theory.
It's already been proven, not just by Dominion, that they never used SolarWinds Orion, and the photoshopped screenshot was being used to prop up the Trump fraud conspiracy.
Still, you believe what you wish, as you are not willing to accept the facts.
@@SteveGillham You realise after they removed it, they forgot to remove it from the source code. Do your own research.
@@jordanheaver6286 What are you talking about? You are not making any sense at all.
Please explain your comment:
"they forget to remove it from the source code"
DECEMBER 18...
#HOMELANDSECURITYSUX
#HOMELANDSECURITYSUX
DECEMBER 18th is MY DAY😁👑
This is absolutely incorrect. The attack was far deeper than a mere compromise of the update server: the actual build system where SolarWinds.Orion.Core.BusinessLayer.dll was compiled and linked was owned. The attackers simply built the malicious code into the actual binary; thus there was actually no need to compromise the update server at all, because the file being updated was the actual official binary from SolarWinds.
Solarwinds is negligent as they should have built the entire product on an isolated (non internet connected) network, and should have audited every component that was installed on that isolated network.
Keith, I remember watching one of your videos and your future son-in-law had called you to ask for your daughter's hand in marriage.
Every top person in management at solarwinds (Orion) should be fired
Why?
Orion is not a set of tools but a platform. Do your homework before doing a claim.
December 18th
My BIRTHDAY WI$H...
TO CATCH THESE HACKER$!!!
BATMAN 👑 1987
I don’t buy it. With something as basic as wrong-password lockout nowadays, it’s impossible to guess a password. It must be an inside job.
It is not impossible to guess a password. Hackers can do sophisticated things, and if you don't understand what they can do, then don't deny the fact that they can do it.
@@chromecast4408 At work if I enter the wrong password 5 times I get locked out of the network and I need the administrator to reset it.
Do you mean hackers can bypass that?
Appreciate the information, but your jolly explanation is really not able to get into the seriousness of the hack of the decade.
solarwinds123 huh? Oops 😬
@Bobby Tawil I would have got it on the 2nd try then 😂 & I'm a business analyst IT person not security
#CELLPHONESKILL
You are still at 30,000 feet, mate, and hardly managed to explain it at a granular level. The recommendations are useless and not foolproof.
#HOMELANDSECURITYSUX
H
Love that
Lots of waffle about nothing in depth... clickbait.
Dominion comes to mind....
Dominion does use SolarWinds software; however, Dominion did not use the SolarWinds Orion product which was compromised, so it was unaffected by this issue.
@@SteveGillham where are you from? (as you know too much)
@@suryakant6357 I do a lot of deep research into these types of things; it's part of my job.
@@suryakant6357 UK
@@SteveGillham Are you a hacker, or do you work for something like WikiLeaks?
Have you seen Indiana Jones the Crystal Skull = what will happen to you when you evolve enough to see it
Yes, we all do matter, because God created the laws that quantum physics obeys, and without those fundamentals we cannot exist. So we all have a greater purpose, like a supercomputer. It was created to solve problems!
thought that you can do better than this on the topic ! very sad Keith
Very well funded and highly skilled...Israel comes to mind. Just sayin'.
instahaxor works, every other program is fake.
This would not have happened with open-source software.
This could very easily happen to open source.
woof woof
I know you are new to the net so ..A HELL
Ha!
“Don’t download files from unknown sources”.
Riiiight, because this very hack came from “unknown” sources eh?
Wrong advice, better to say to keep a trusted and PROVEN anti malware up to date, and have an IPS (intrusion prevention system) watching 100% of your traffic.
This would not have helped either. No AV knew about this malware, and it was very stealthy, so it would be hard to detect.
And because it was using steganography in the usage data, the IPS would be less likely to detect the C&C traffic.
Ever watch Game of Thrones, read Sun Tzu's Art of War...
Useless
MY password, "Solarwinds 123", was put up in this video! Arrgghhhh... you ruined my bank account.