SolarWinds Orion Hack

[Whte_rbt 1,431]

Dunno if any of you use this software for network monitoring but there has been a major hack reported by US Treasury concerning any computer that is monitored by the SolarWinds Orion system. Given the required actions listed in the DHS cyber response if anyone is using this you may want to take it offline immediately and look for an alterntive arrangment till it gets fixed.

Original Article: https://www.bbc.co.uk/news/world-us-canada-55265442

DHS Cyber Response: https://cyber.dhs.gov/ed/21-01/

All affected government agencies have to comply (take it offline) by 12.00 (Noon) EST 14/12/2020.

[Kloudkicker 4,561]

Two follow up articles. The 2nd one is too long to quote anything. Besides, I would have to read it to do that. Some other time.

~Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach~ By Christopher Budd on December 16, 2020 at 3:20 pm: https://www.geekwire.com/2020/microsoft-unleashes-death-star-solarwinds-hackers-extraordinary-response-breach/amp/

small quote from article above

" 1) On Dec. 13, the day this became public, Microsoft announced that it removed the digital certificates that the Trojaned files used."

"2) That same day, Microsoft announced that it was updating Microsoft Windows Defender, the antimalware capability built into Windows, to detect and alert if it found the Trojaned file on the system."

"3) Next, on Tuesday, Dec. 15, Microsoft and others moved to “sinkhole” one of the domains that the malware uses for command and control..."

"4) Finally, today, Wednesday, Dec. 16, Microsoft basically changed its phasers from “stun” to “kill” by changing Windows Defender’s default action for Solorigate from “Alert” to “Quarantine,” a drastic action that could cause systems to crash but will effectively kill the malware when it finds it."

"In the end, this all reminds us how much power Microsoft has at its disposal. Between its control of the Windows operating system, its robust legal team, and its position in the industry, it has the power to change the world nearly overnight if it wants to. And when it chooses to train that power on an adversary, it really is the equivalent of the Death Star: able to completely destroy a planet in a single blast."

Fortunately these days, Microsoft is sparing in its use of its power. But as I’ve noted before, we should never mistake Microsoft’s gentleness for weakness.

And anyway, what’s the point in having a Death Star if you don’t get to use it (for good) sometimes?"

 

~Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers~ by Microsoft on December 18, 2020: https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/ *

*This is a really long article.