Cyber Breaches: Orion Got Compromised. What Happened During 2020 and After

Pradeep Kvssk
5 min read · Apr 23, 2021

--

Every war needs a basic idea to begin with:

From cyber warfare and ballistic defence to air, sea and surface-to-surface combat, the book The Art of War (by Sun Tzu) is still taken into consideration.

No war is fair until the enemy is known and shows his real side to us.

Modern battlefields range from bots to the stealth technology that is still to come.

The wars of the future may well be fought via computers:

To date, no computer has been created that could not be hacked.

Since the business world is now evolving through digital transformation, cybersecurity has become more important than ever: enterprise endpoints keep growing in number, and every one of them is a potential threat vector for anyone looking to get at a business's information.

Cybersecurity is the new information security.

Since the world went online 20 years ago, information has moved from the filing cabinet to the computer's hard disk, and recently migrated to the cloud.

Securing all the data associated with a single enterprise, no matter its size, is an enormous task, especially considering industry-specific compliance and regulation standards.

This idea has now been put into practice against a real target:

Case study of a recent breach:

SolarWinds

In early 2020, hackers secretly broke into the systems of Texas-based SolarWinds and added malicious code to the company's software. The product, called "Orion," is widely used by companies to manage IT resources. SolarWinds has about 33,000 customers that use Orion; the company later reported that fewer than 18,000 of them may have installed the compromised update.

What was the motive behind the attack?

The actual reason:

The company sells network-management software that is used by many government agencies and Fortune 500 companies to manage their information technology. Whoever controls that software's update channel reaches all of them at once.

The hackers installed a so-called backdoor into SolarWinds' popular Orion network-management software. Because the tampered code shipped inside regular product updates, that infected software found its way onto the servers of some SolarWinds clients, allowing the hackers to return later and access those systems.

Was it only the backdoor, or were other ways in used as well? What does the forensic report say?

What are the lessons to be learned?

The hack seems to be “an intelligence-gathering effort.”

“If it is cyberespionage, it is one of the most effective cyberespionage operations we’ve seen in quite some time,” said John Hultquist, a senior director at FireEye.

Finding the extent of the hack, repairing compromised systems and remediating the damage will be costly and time-consuming for victims, cybersecurity experts say.

Finally, the SolarWinds breach shows a lack of production deployment checks: the build that was shipped was never verified against what the source should have produced, so every node or client subscribed to update notifications received the backdoored update along with the legitimate patches.

That is what opened the gates to the Russian operators, through the backdoor delivered from SolarWinds' own update servers.
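The missing check described above, as an added example (this is illustrative code, not SolarWinds' pipeline or anything from the published reports): before any node is told to install an update, every file in the downloaded bundle is compared against a manifest of expected SHA-256 hashes obtained out of band, for instance from an independent rebuild of the tagged source. A file whose hash changed, a file that is missing, or a file the manifest never listed all block the rollout. File names, contents and hosts are constructed for the example.

```python
"""Deployment gate for a vendor update bundle (added example, not vendor code).

The idea: trust comes from comparing the artifact you are about to deploy
against a hash manifest produced independently of the vendor's build
machine.  If the build pipeline was tampered with, the shipped bytes differ
from the rebuilt ones and the rollout is blocked before any node sees it.
"""
import hashlib
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(bundle: Dict[str, bytes]) -> Dict[str, str]:
    """Produce the manifest from a trusted (independently rebuilt) copy of the release."""
    return {name: sha256_hex(data) for name, data in bundle.items()}


def verify_bundle(bundle: Dict[str, bytes], manifest: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means the bundle may be deployed.

    Three failure classes are reported:
      MODIFIED   - file present but bytes differ from the pinned hash
      MISSING    - manifest lists a file the bundle does not contain
      UNEXPECTED - bundle contains a file the manifest never listed
    """
    findings = []
    for name, expected in manifest.items():
        if name not in bundle:
            findings.append(f"MISSING {name}: listed in manifest but absent from bundle")
            continue
        actual = sha256_hex(bundle[name])
        if actual != expected:
            findings.append(f"MODIFIED {name}: expected {expected[:16]}..., got {actual[:16]}...")
    for name in bundle:
        if name not in manifest:
            findings.append(f"UNEXPECTED {name}: present in bundle but not in manifest")
    return findings


def plan_rollout(bundle: Dict[str, bytes], manifest: Dict[str, str], hosts: List[str]) -> dict:
    """Decide which hosts get the update: all of them, or none if verification fails."""
    findings = verify_bundle(bundle, manifest)
    if findings:
        return {"deploy_to": [], "blocked_reason": findings}
    return {"deploy_to": list(hosts), "blocked_reason": []}


# --- constructed sample data (file names and contents are made up) ---
TRUSTED_BUILD = {
    "orion-core.dll": b"legitimate business layer build 2020.2",
    "orion-web.dll": b"legitimate web layer build 2020.2",
}
MANIFEST = build_manifest(TRUSTED_BUILD)

# What a compromised build pipeline would hand out: same file names, one file changed.
TAMPERED_BUNDLE = {
    "orion-core.dll": b"legitimate business layer build 2020.2" + b"\x90\x90 injected stub",
    "orion-web.dll": b"legitimate web layer build 2020.2",
}

# A bundle that smuggles in an additional component the release never had.
EXTRA_FILE_BUNDLE = dict(TRUSTED_BUILD, **{"orion-helper.dll": b"unlisted component"})

HOSTS = ["orion-srv-01", "orion-srv-02", "orion-srv-03"]

if __name__ == "__main__":
    for label, bundle in [("trusted", TRUSTED_BUILD),
                          ("tampered", TAMPERED_BUNDLE),
                          ("extra file", EXTRA_FILE_BUNDLE)]:
        print(label, "->", plan_rollout(bundle, MANIFEST, HOSTS))
```

Note what this check does and does not rely on: it does not ask whether the update carries a valid vendor code signature, because a build injected before signing is signed like any other. The comparison is against bytes the deploying organisation (or a second, independent builder) produced itself; in practice the manifest is fetched over a separate channel from the update and the canary hosts get the update before the rest.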

SolarWinds' summary of this breach:

Who is behind the attack?

APT29, also known in the security community as Cozy Bear or the Dukes. The hacking group dates back to 2008 and has long targeted corporations and governments. The U.S., U.K. and Canada have assessed that APT29 is "a cyberespionage group, almost certainly part of the Russian intelligence services."

The cybersecurity firm CrowdStrike began tracking the group in 2014, and said it is known for casting "a wide net" of victims and for "changing tool sets frequently." (But they will be found at their weakest moment, soon.)

My suggestion would be: start with the basics and work forward. Ask yourselves what the worst day you could have looks like, and plan your risks accordingly. Could you identify all the risks and exposures you have?

From fundamental asset identification, network mapping and data flows to unpatched vulnerabilities and process identification, there is a lot to consider.

What does this mean?

The SolarWinds Orion compromise is an incredibly impactful attack across numerous industrial verticals, especially the electric subsectors concerned with critical infrastructure.

It will perhaps be regarded in the same category as NotPetya or CCleaner: another successful nation-state supply-chain attack with vast ramifications.

In the near future, practical details of how they approached the attack will emerge.

As this attack was only recently discovered, and is large in both breadth and scope, we will be unpacking the damage done and discovering new forensic details for a considerable time.

The security and forensic investigation begins like this:

Usually, a third-party consultant is called in to inspect the entire computer network for any malware or spyware left behind by the hackers. Log files are instrumental in reconstructing the events of the breach and understanding what really happened. These are computer-generated data files that record usage patterns and activity within an operating system, server, or application; lined up by timestamp, they show when the tampered update arrived on a host and what that host started doing afterwards.
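What "reconstructing the events from log files" looks like in code, as an added example (not from the article and not from any published forensic report): the script parses a handful of constructed endpoint log lines (software installs, DNS queries, outbound connections), finds on each host when a given product was installed, and then reports every external parent domain that host first contacted only after that install, together with how long after the install it appeared and how many distinct hostnames under it were queried. Hostnames, domains, timestamps and the key=value log format are all made up for the example; the "parent domain" is approximated as the last two labels of the name, which is a simplification.

```python
"""Timeline reconstruction from endpoint logs (added example, constructed data).

Question answered: after product X was installed on a host, which external
domains did that host start talking to that it had never contacted before?
A fresh parent domain with several rotating hostnames beneath it, showing up
days after an install, is exactly the kind of lead an investigator chases.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# Matches key=value and key="quoted value" pairs.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> Dict[str, str]:
    """Parse '<ISO-8601 UTC ts> key=value ...' into a dict; the timestamp lands under 'ts'."""
    ts, _, rest = line.strip().partition(" ")
    fields = {"ts": ts}
    for key, value in KV_RE.findall(rest):
        fields[key] = value.strip('"')
    return fields


def parent_domain(fqdn: str) -> str:
    """Approximate registrable domain: last two labels (assumption, not a PSL lookup)."""
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])


def to_dt(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def new_destinations_after_install(lines: List[str], product: str) -> List[dict]:
    """Per host with an install of `product`, list parent domains first seen after it."""
    # ISO-8601 UTC strings of equal format sort chronologically as plain strings.
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e["ts"])

    install_at: Dict[str, str] = {}
    for e in events:
        if e.get("event") == "software_install" and e.get("product") == product:
            install_at.setdefault(e["host"], e["ts"])      # keep the earliest install

    findings = []
    for host, installed in install_at.items():
        baseline = set()                                   # domains seen before the install
        after = defaultdict(lambda: {"first_seen": None, "names": set()})
        for e in events:                                   # already sorted, so baseline fills first
            if e.get("host") != host or e.get("event") != "dns":
                continue
            parent = parent_domain(e["query"])
            if e["ts"] < installed:
                baseline.add(parent)
            elif parent not in baseline:
                rec = after[parent]
                rec["first_seen"] = rec["first_seen"] or e["ts"]
                rec["names"].add(e["query"].lower())
        for parent, rec in sorted(after.items()):
            delta_h = (to_dt(rec["first_seen"]) - to_dt(installed)).total_seconds() / 3600
            findings.append({
                "host": host,
                "installed_at": installed,
                "parent_domain": parent,
                "first_seen": rec["first_seen"],
                "hours_after_install": round(delta_h, 1),
                "distinct_names": len(rec["names"]),
            })
    return findings


# --- constructed sample log (all hosts, domains and addresses are made up) ---
SAMPLE_LOG = [
    '2020-06-01T08:00:12Z host=srv-orion-01 event=dns query=api.internal.example.com',
    '2020-06-02T10:15:03Z host=srv-orion-01 event=software_install product="Orion Platform" version=2020.2',
    '2020-06-02T10:15:41Z host=srv-orion-01 event=dns query=api.internal.example.com',
    '2020-06-16T03:22:10Z host=srv-orion-01 event=dns query=k7x2p9.update-cdn.example.net',
    '2020-06-16T03:22:11Z host=srv-orion-01 event=net_connect dst=203.0.113.7:443',
    '2020-06-17T03:24:55Z host=srv-orion-01 event=dns query=m4q8ab.update-cdn.example.net',
    '2020-06-17T03:24:56Z host=srv-orion-01 event=net_connect dst=203.0.113.7:443',
    '2020-06-17T09:00:00Z host=wks-finance-12 event=dns query=mail.example.com',
]

if __name__ == "__main__":
    for finding in new_destinations_after_install(SAMPLE_LOG, "Orion Platform"):
        print(finding)
```

The baseline is what keeps this from being a list of every domain the host ever resolved: example.com was already in use before the install, so the query right after the install is ignored, while the domain that first appears two weeks later with two different hostnames under it is reported. On real logs the same loop runs over DNS and proxy exports, and the hours_after_install column is what lets you line the first contact up against the vendor's own timeline of when each update was released.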

Thank you. If you would be interested in more details of previous attacks and would like to share your views, I would love to bring them up here.

Please do follow and give me a clap (to make some noise).
