Cyber defences still vulnerable to trojan threat
18 December 2020
In association with Cyberhive
Reuters has reported an attack by suspected state-sponsored hackers on a range of government, public and private networks, carried out through SolarWinds’ Orion network monitoring and management software. According to NPR, the Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, confirmed that the attack began in early March and is still ongoing.
According to a blog post by researchers at Cisco’s Talos Intelligence Group, a trojanised Orion update was downloaded by around 18,000 of SolarWinds’ 300,000 customers, spanning government agencies, consulting, technology, telecom, and oil and gas companies in North America, Europe, Asia and the Middle East. Once inside, the attackers collected data on authorised users in order to impersonate them and move through the network.
Cyberhive says its Gatekeeper product – initially developed for the UK government before its commercial roll-out – would have prevented the attackers from impersonating authorised users, disrupting the attack at an early stage.
In addition to usernames, passwords and multi-factor authentication, access to services protected by Gatekeeper requires an approved, authorised hardware device. That device is verified by Gatekeeper’s ‘trusted’ environment before any data is released, so stolen credentials alone are not enough to get in.
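The paragraph above describes a fourth factor: possession of an enrolled hardware device, checked in addition to password and MFA. The following is an added, self-contained illustration of how such a gate fits together; it is not Cyberhive’s Gatekeeper code and makes no claim about how Gatekeeper is built internally. Assumptions: the device key is simulated with an HMAC secret held in memory (a real device would keep a non-exportable key in a TPM or secure element and answer with a signature), MFA is RFC 4226 HOTP, and all users, devices, passwords and secrets are constructed for the demo. The three scenarios in `demo()` are the ones the SolarWinds reporting makes relevant: a legitimate login, an attacker who has harvested the password and the MFA secret but is on an unenrolled machine, and a replay of a device response captured from a genuine session.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 50_000  # constructed setting for the demo; raise in production


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP code, the MFA factor. In the demo the attacker has stolen
    this secret too, which is exactly the case the device check is for."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class HardwareDevice:
    """Stand-in for a TPM/secure element holding a non-exportable device key.
    The key is generated inside the device and only ever used to answer
    challenges; here it is simulated in memory (assumption)."""

    def __init__(self, device_id: str):
        self.device_id = device_id
        self._key = secrets.token_bytes(32)

    def enrollment_material(self) -> bytes:
        # With an asymmetric key this would be the public key; in this HMAC
        # simulation the verifier holds a copy of the secret (assumption).
        return self._key

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self._key, nonce, hashlib.sha256).digest()


class Gatekeeper:
    """Hypothetical access gate: password, then HOTP, then proof of possession
    of an enrolled device bound to a fresh one-time nonce."""

    def __init__(self):
        self._users = {}       # user -> {salt, pw_hash, mfa_secret, counter}
        self._devices = {}     # user -> {device_id: verification key}
        self._challenges = {}  # user -> outstanding one-time nonce
        self.log = []          # (user, device_id, outcome)

    def register_user(self, user, password, mfa_secret):
        salt = secrets.token_bytes(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self._users[user] = {"salt": salt, "pw_hash": pw_hash,
                             "mfa_secret": mfa_secret, "counter": 0}
        self._devices[user] = {}

    def enroll_device(self, user, device):
        self._devices[user][device.device_id] = device.enrollment_material()

    def challenge(self, user) -> bytes:
        nonce = secrets.token_bytes(32)
        self._challenges[user] = nonce
        return nonce

    def authenticate(self, user, password, mfa_code, device_id, response) -> bool:
        # The nonce is consumed on every attempt, pass or fail, so a captured
        # device response can never be replayed against a later challenge.
        nonce = self._challenges.pop(user, None)
        rec = self._users.get(user)
        if rec is None:
            return self._deny(user, device_id, "unknown user")
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
        if not hmac.compare_digest(pw_hash, rec["pw_hash"]):
            return self._deny(user, device_id, "bad password")
        if not hmac.compare_digest(hotp(rec["mfa_secret"], rec["counter"]), mfa_code):
            return self._deny(user, device_id, "bad MFA code")
        rec["counter"] += 1  # HOTP codes are single-use
        if nonce is None:
            return self._deny(user, device_id, "no outstanding challenge")
        key = self._devices[user].get(device_id)
        if key is None:
            return self._deny(user, device_id, "device not enrolled")
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return self._deny(user, device_id, "device proof invalid")
        self.log.append((user, device_id, "allow"))
        return True

    def _deny(self, user, device_id, reason) -> bool:
        self.log.append((user, device_id, "deny: " + reason))
        return False


def demo():
    """Constructed scenarios; returns ({scenario: allowed?}, decision log)."""
    gk = Gatekeeper()
    password, mfa_secret = "correct horse battery staple", secrets.token_bytes(20)
    gk.register_user("alice", password, mfa_secret)
    laptop = HardwareDevice("laptop-a1")
    gk.enroll_device("alice", laptop)
    results = {}

    # 1. Legitimate user on the enrolled laptop.
    nonce = gk.challenge("alice")
    captured = laptop.respond(nonce)  # assume the attacker sniffs this response
    results["legit"] = gk.authenticate("alice", password, hotp(mfa_secret, 0),
                                       "laptop-a1", captured)

    # 2. Attacker with stolen password and MFA secret, but on an unenrolled
    #    machine that merely claims the same device id.
    rogue = HardwareDevice("laptop-a1")
    nonce = gk.challenge("alice")
    results["stolen_creds"] = gk.authenticate("alice", password, hotp(mfa_secret, 1),
                                              "laptop-a1", rogue.respond(nonce))

    # 3. Attacker replays the response captured in scenario 1.
    gk.challenge("alice")
    results["replay"] = gk.authenticate("alice", password, hotp(mfa_secret, 2),
                                        "laptop-a1", captured)
    return results, gk.log
```

The point of the example is the ordering and the binding: the device proof is checked last, over a nonce that is invalidated on every attempt, so even an adversary who has fully compromised the user’s credentials (the situation the Talos post describes) is denied unless they also hold the enrolled hardware. The decision log records why each attempt failed, which is the signal a defender would want to alert on.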
“People need to understand that even the best cyber defences will sometimes be breached. It’s not if, it’s when,” said Alan Platt, COO, Cyberhive.
“This type of attack is likely to be increasingly common. Instead of trying to compromise the security of banks, governments or other highly secure agencies, it’s easier just to compromise the security of one of their suppliers. SolarWinds is just one of many of these types of companies and could offer a convenient back door.
“E-commerce applications, MRP systems, accounting packages, monitoring tools or a myriad of third-party plug-ins and software modules could also offer an easy target for attackers,” he said.
Mike Molloy, the Dublin-based representative of Cyberhive, added: “In a nutshell, CyberHive’s patented technology, developed in conjunction with Oxford University, would have identified the breaches and stopped progress of the malware through the victims’ networks at a very early stage. Remedial action could have taken place earlier, meaning less damage, less widespread intrusion and less scrambling around trying to protect national security data than is currently the case.”