{"id":1881,"date":"2020-12-21T03:04:59","date_gmt":"2020-12-21T03:04:59","guid":{"rendered":"https:\/\/thenextweb.com\/?p=1332676"},"modified":"2020-12-21T03:04:59","modified_gmt":"2020-12-21T03:04:59","slug":"pardon-the-intrusion-33-solarwinds-unleashes-a-cyber-storm","status":"publish","type":"post","link":"https:\/\/www.londonchiropracter.com\/?p=1881","title":{"rendered":"Pardon the Intrusion #33: SolarWinds unleashes a cyber storm"},"content":{"rendered":"\n<p><strong><em>Subscribe to this bi-weekly newsletter <a href=\"https:\/\/tnw.to\/newsletter\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">here<\/a>!<\/em><\/strong><\/p>\n<p><span>Welcome to the latest edition of Pardon The Intrusion, TNW\u2019s <\/span><a href=\"https:\/\/thenextweb.us1.list-manage.com\/track\/click?u=22ec88eb9b9d8bc3bcf660787&amp;id=37136e54f1&amp;e=0e200ae170\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">bi-weekly newsletter<\/a> in which we explore the wild world of security.<\/p>\n<p><span>Earlier this week, several major US government agencies \u2014 including the Departments of Homeland Security, Commerce, Treasury, and State \u2014 discovered that their digital systems <\/span><a href=\"https:\/\/thehackernews.com\/2020\/12\/us-agencies-and-fireeye-were-hacked.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">had been breached<\/a><span> by hackers in what\u2019s fast turning out to be a highly sophisticated supply chain attack.<\/span><\/p>\n<p><span>Such attacks often work by first compromising a third-party vendor with a connection to the true target.<\/span><\/p>\n<p><span>Infiltrating a third-party provider that has access to their customers\u2019 networks also vastly increases the scale of an attack, as a successful break-in opens up access to all those businesses that rely on it, making them all vulnerable at once.<\/span><\/p>\n<p><span>In this case, the attackers turned to SolarWinds, a Texas-based IT infrastructure provider, to inject 
malicious code into its monitoring tool that was then pushed to nearly 18,000 of its customers as software updates.<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/968864a6-b4e9-4ee2-9493-f4cc98940d4c.gif\" width=\"600\" height=\"174\" data-file-id=\"59922\" data-lazy=\"true\"><\/figure>\n<p><span>SolarWinds counts several US federal agencies and Fortune 500 firms among its clients.<\/span><\/p>\n<p><span>Cybersecurity firm FireEye, which also appears to have been a <\/span><a href=\"https:\/\/thehackernews.com\/2020\/12\/cybersecurity-firm-fireeye-got-hacked.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">victim of the same attack<\/a><span>, called it a <\/span><a href=\"https:\/\/thehackernews.com\/2020\/12\/new-evidence-suggests-solarwinds.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">meticulously planned<\/a><span> espionage campaign that may have been ongoing at least since March 2020.<\/span><\/p>\n<p><span>Although there hasn\u2019t been any concrete evidence tying the attacks to a specific threat actor, <\/span><a href=\"https:\/\/www.washingtonpost.com\/national-security\/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm\/2020\/12\/13\/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">multiple<\/a><span> <\/span><a href=\"https:\/\/www.reuters.com\/article\/global-cyber\/global-security-teams-assess-impact-of-suspected-russian-cyber-attack-idUKKBN28O1KN\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">media<\/a><span> reports have pinned the intrusions on APT29 (aka Cozy Bear), a hacker group associated with Russia\u2019s foreign intelligence service.<\/span><\/p>\n<p><span>It may take months to fully understand the breadth and 
depth of the hack, but the SolarWinds incident once again highlights the severe consequences of compromising a supply chain.<\/span><\/p>\n<p><span>Of course, supply chain attacks have <\/span><a href=\"https:\/\/thenextweb.com\/security\/2019\/10\/22\/supply-chains-show-their-weaknesses-following-avast-and-nordvpn-attacks\/\" target=\"_blank\" rel=\"noopener noreferrer\">happened<\/a><span> <\/span><a href=\"https:\/\/twitter.com\/thegrugq\/status\/1338694951404593154\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">before<\/a><span>. What\u2019s more concerning here is how little has been done since then to prevent them from happening again.<\/span><\/p>\n<h3 class=\"h2 mso-font\"><span>What\u2019s trending in security?<\/span><\/h3>\n<p><span>Signal added support for <\/span><a href=\"https:\/\/signal.org\/blog\/group-calls\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">encrypted group calls<\/a><span>, the Zodiac Killer cipher <\/span><a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/12\/zodiac-killer-cipher-is-cracked-after-eluding-sleuths-for-51-years\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">was cracked<\/a><span> after 51 long years, and a former Cisco engineer was sentenced to 24 months in prison for <\/span><a href=\"https:\/\/www.zdnet.com\/article\/former-cisco-engineer-sentenced-to-prison-for-deleting-16k-webex-accounts\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">deleting 16,000 Webex accounts<\/a><span> without authorization.<\/span><\/p>\n<ul>\n<li>\n<span>The <\/span><a href=\"https:\/\/en.wikipedia.org\/wiki\/Zodiac_Killer\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Zodiac Killer<\/a><span> cipher was cracked after 51 years. \u201cIt was an exciting project to work on, and it was on many people\u2019s \u2018top unsolved ciphers of all time lists,&#8217;\u201d said Dave Oranchak, one of the three men who cracked the encoded message. 
[<\/span><a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/12\/zodiac-killer-cipher-is-cracked-after-eluding-sleuths-for-51-years\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Ars Technica<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Hackers are getting creative with web skimmers designed to steal payment info from users when they visit a compromised shopping website. Researchers found criminal gangs experimenting with storing the malicious code in <\/span><a href=\"https:\/\/www.zdnet.com\/article\/hackers-hide-web-skimmer-inside-a-websites-css-files\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">CSS style sheets<\/a><span> and social media buttons. [<\/span><a href=\"https:\/\/www.zdnet.com\/article\/credit-card-stealer-discovered-in-social-media-buttons\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ZDNet<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>GitHub found that security vulnerabilities in open-source projects often go undetected for more than four years before being disclosed. What\u2019s more, 17% of all vulnerabilities in software were intentionally planted for malicious purposes. As they say, open-source does not equal secure. [<\/span><a href=\"https:\/\/octoverse.github.com\/static\/2020-security-report.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">GitHub<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Apple and Cloudflare joined hands for a new initiative called Oblivious DNS-over-HTTPS (<\/span><a href=\"https:\/\/blog.cloudflare.com\/oblivious-dns\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ODoH<\/a><span>) that hides the websites you visit from your ISP. 
[<\/span><a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/12\/cloudflare-apple-and-others-back-a-new-way-to-make-the-internet-more-private\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Ars Technica<\/a><span> \/ <\/span><a href=\"https:\/\/gizmodo.com\/cloudflare-and-apples-new-oblivious-protocol-could-mean-1845837280\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Gizmodo<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Former Cisco engineer Sudhish Kasaba Ramesh, 31, was sentenced to 24 months in prison for deleting 16,000 Webex accounts without authorization, costing the company more than $2.4 million, with $1,400,000 in employee time and $1,000,000 in customer refunds. [<\/span><a href=\"https:\/\/www.zdnet.com\/article\/former-cisco-engineer-sentenced-to-prison-for-deleting-16k-webex-accounts\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ZDNet<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Secure messaging app Signal added support for encrypted group video calls with up to five participants. [<\/span><a href=\"https:\/\/signal.org\/blog\/group-calls\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Signal<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>A German court forced encrypted email provider Tutanota to create a backdoor that allows it to monitor an individual\u2019s inbox in connection with a blackmail case. [<\/span><a href=\"https:\/\/www.cyberscoop.com\/germany-court-ruling-tutanota-email-monitoring\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">CyberScoop<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Just a couple of weeks ago, we learned that the company behind the X-Mode SDK had been selling customer location data to government contractors. Now Forbes\u2019 Thomas Brewster has reported how surveillance vendors like Rayzone and Bsightful are siphoning location data from smartphones with the help of tools used to serve mobile ads on third-party apps. 
[<\/span><a href=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2020\/12\/11\/exclusive-israeli-surveillance-companies-are-siphoning-masses-of-location-data-from-smartphone-apps\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Forbes<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Operatives with an Arabic-speaking hacking group, known as MoleRATs, used mainstream technology services like Facebook and Dropbox to obscure their malicious activity and exfiltrate data from targets across the Middle East. [<\/span><a href=\"https:\/\/www.cybereason.com\/blog\/new-malware-arsenal-abusing-cloud-platforms-in-middle-east-espionage-campaign\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Cybereason<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Critical <\/span><a href=\"https:\/\/us-cert.cisa.gov\/ics\/advisories\/icsma-20-343-01\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">flaws<\/a><span> discovered in dozens of GE Healthcare radiological devices could allow an attacker to gain access to sensitive personal health information, alter data, and even compromise the machines\u2019 availability. Worse, these devices are secured with hardcoded default passwords that could be exploited to access sensitive patient scans. [<\/span><a href=\"https:\/\/www.cybermdx.com\/vulnerability-research-disclosures\/ge-radiology-modalities\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">CyberMDX<\/a><span>]<\/span>\n<\/li>\n<li>Apple, Google, Microsoft, and Mozilla banned a digital certificate being used by the Kazakhstan government to intercept and decrypt HTTPS traffic, after the country began requiring citizens in its capital of Nur-Sultan to install the certificate on their devices to access foreign internet services as part of a cybersecurity exercise. 
[<a href=\"https:\/\/www.zdnet.com\/article\/apple-google-microsoft-and-mozilla-ban-kazakhstans-mitm-https-certificate\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ZDNet<\/a>]<\/li>\n<li>\n<span>The past fortnight in data breaches, leaks, and ransomware: <\/span><a href=\"https:\/\/www.zdnet.com\/article\/eu-agency-in-charge-of-covid-19-vaccine-approval-says-it-was-hacked\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">European Medicines Agency<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/foxconn-electronics-giant-hit-by-ransomware-34-million-ransom\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Foxconn<\/a><span>, Intel\u2019s <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/intels-habana-labs-hacked-by-pay2key-ransomware-data-stolen\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Habana Labs<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/kmart-nationwide-retailer-suffers-a-ransomware-attack\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Kmart<\/a><span>, <\/span><a href=\"https:\/\/www.zdnet.com\/article\/ransomware-hits-helicopter-maker-kopter\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Kopter<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ransomware-forces-hosting-provider-netgain-to-take-down-data-centers\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Netgain<\/a><span>, <\/span><a href=\"https:\/\/www.cyberscoop.com\/egregor-ransomware-randstand-head-hunter\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Randstad<\/a><span>, <\/span><a href=\"https:\/\/techcrunch.com\/2020\/12\/10\/spotify-resets-user-passwords-after-a-bug-exposed-private-account-information\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Spotify<\/a><span>, Vancouver\u2019s <\/span><a 
href=\"https:\/\/www.zdnet.com\/article\/ransomware-attack-cripples-vancouver-public-transportation-agency\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">TransLink<\/a><span>, <\/span><a href=\"https:\/\/www.zdnet.com\/article\/robotics-unicorn-uipath-discloses-data-breach\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">UiPath<\/a><span>, <\/span><a href=\"https:\/\/www.theregister.com\/2020\/12\/15\/dicom_45_million_medical_scans_unsecured\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">45 million<\/a><span> images of X-rays and other medical scans, and the personal data of <\/span><a href=\"https:\/\/www.zdnet.com\/article\/data-of-243-million-brazilians-exposed-online-via-website-source-code\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">243 million Brazilian citizens<\/a><span>.<\/span>\n<\/li>\n<\/ul>\n<h3 class=\"h2 mso-font\">Data Point<\/h3>\n<p><span>According to the latest stats from the <\/span><a href=\"https:\/\/nvd.nist.gov\/general\/visualizations\/vulnerability-visualizations\/cvss-severity-distribution-over-time\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">National Vulnerability Database<\/a><span>, 2020 saw a record number of reported flaws, with as many as 17,537 bugs recorded during the year, slightly up from 17,306 in 2019.<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><a href=\"https:\/\/nvd.nist.gov\/general\/visualizations\/vulnerability-visualizations\/cvss-severity-distribution-over-time\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/817eca50-b60b-4dee-983a-c1e2bf287ef0.png\" width=\"600\" height=\"242\" data-file-id=\"59894\" data-lazy=\"true\"><\/a><\/figure>\n<p><span>Over the past 12 months, 4,177 high-severity vulnerabilities, 10,767 medium-severity vulnerabilities, and 2,593 low-severity 
vulnerabilities were reported. In 2019, there were 17,306 flaws published: 4,337 high-severity, 10,956 medium-severity, and 2,013 low-severity vulnerabilities.<\/span><\/p>\n<p>That\u2019s it. See you all in two weeks. Stay safe!<\/p>\n<p><em>Ravie x TNW (ravie[at]thenextweb[dot]com)<\/em><\/p>\n<p> <a href=\"https:\/\/thenextweb.com\/newsletter\/2020\/12\/21\/pardon-the-intrusion-33-solarwinds-unleashes-a-cyber-storm\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Subscribe to this bi-weekly newsletter here! Welcome to the latest edition of Pardon The Intrusion, TNW\u2019s bi-weekly newsletter in which we explore the wild world of security. Earlier this week, several major&#8230;<\/p>\n","protected":false},"author":1,"featured_media":1882,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/1881"}],"collection":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1881"}],"version-history":[{"count":0,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/1881\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/media\/1882"}],"wp:attachment":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1881"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1
881"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1881"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}