Sign up to save your podcasts
Or
Share SolarWinds hack and the Executive Order from Mr Biden — And now?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
SolarWinds hack and the Executive Order from Mr Biden — And now?
In the past two years, we have had to learn a lot about cybersecurity. The new attack vectors are becoming more and more sophisticated and are directed more and more against the value chain in general. But what does that mean for us? What can be done about it, and what reactions have the state already taken?
Let's start with the story that got all of this rolling and made sure that the general attention was drawn to the vulnerabilities of the available IT infrastructure. We're talking about the SolarWinds Hack. What happened here, and what is more critical; What are the lessons learned from this incident?
It is essential to know that the SolarWinds company produces software that is used to manage network infrastructure. With the name "Orion Platform, " this software should help manage and administer the network components efficiently. If you look at the product description on the SolarWinds website, you can read that the software can monitor, analyse, and manage the network infrastructure. And that's exactly what the customers did. The company itself has around 300,000 customers worldwide, including individual companies and government organisations and corporations from a wide variety of areas. To always stay up to date, the software platform includes an automatic update mechanism. And that was exactly what the attackers were after. They saw in the SolarWinds company a multiplier for their own activities. But how can you go about this? The attackers obtained the necessary software tools by breaking into the FireEye company and infiltrating the SolarWinds network. The goal was the software development department in which the binaries of the Orion platform are created. Here, the CI routes have been manipulated to include compromised binaries in every build of the software. As a result, the company produced these binaries and put them into circulation through the automatic update process. In this way, around 18,000 targets could be infiltrated and compromised within a short time.
What does that mean for us now? ...
This episode is also available as a blog post: https://svenruppert.com/2021/07/27/solarwinds-hack-and-the-executive-order-from-mr-biden-and-now/
View all episodes
By Sven RuppertIn the past two years, we have had to learn a lot about cybersecurity. The new attack vectors are becoming more and more sophisticated and are directed more and more against the value chain in general. But what does that mean for us? What can be done about it, and what reactions have the state already taken?
Let's start with the story that got all of this rolling and made sure that the general attention was drawn to the vulnerabilities of the available IT infrastructure. We're talking about the SolarWinds Hack. What happened here, and what is more critical; What are the lessons learned from this incident?
It is essential to know that the SolarWinds company produces software that is used to manage network infrastructure. With the name "Orion Platform, " this software should help manage and administer the network components efficiently. If you look at the product description on the SolarWinds website, you can read that the software can monitor, analyse, and manage the network infrastructure. And that's exactly what the customers did. The company itself has around 300,000 customers worldwide, including individual companies and government organisations and corporations from a wide variety of areas. To always stay up to date, the software platform includes an automatic update mechanism. And that was exactly what the attackers were after. They saw in the SolarWinds company a multiplier for their own activities. But how can you go about this? The attackers obtained the necessary software tools by breaking into the FireEye company and infiltrating the SolarWinds network. The goal was the software development department in which the binaries of the Orion platform are created. Here, the CI routes have been manipulated to include compromised binaries in every build of the software. As a result, the company produced these binaries and put them into circulation through the automatic update process. In this way, around 18,000 targets could be infiltrated and compromised within a short time.
What does that mean for us now? ...
This episode is also available as a blog post: https://svenruppert.com/2021/07/27/solarwinds-hack-and-the-executive-order-from-mr-biden-and-now/