in 2018
https://www.politico.com/magazine/st...-harbor-219015
in 2020
https://www.dailymail.co.uk/news/article-9069351/Congressman-compares-Russian-hack-government-Pearl-Harbor.html
in 2018
https://www.politico.com/magazine/st...-harbor-219015
in 2020
https://www.dailymail.co.uk/news/article-9069351/Congressman-compares-Russian-hack-government-Pearl-Harbor.html
So you're saying the hacks are getting more serious.
Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach
“Now witness the firepower of this fully armed and operational Battle Station.” – Emperor Palpatine, Return of the Jedi
Analysis: This week Microsoft took a series of dramatic steps against the recent SolarWinds supply chain attack. In the size, speed and scope of its actions, Microsoft has reminded the world that it can still muster firepower like no one else as a nearly-overwhelming force for good.
Through four steps over four days, Microsoft flexed the muscle of its legal team and its control of the Windows operating system to nearly obliterate the actions of some of the most sophisticated offensive hackers out there. In this case, the adversary is believed to be APT29, aka Cozy Bear, the group many believe to be associated with Russian intelligence, and best known for carrying out the 2016 hack against the Democratic National Committee (DNC).
While details are continuing to emerge, the SolarWinds supply chain attack is already the most significant attack in recent memory. According to SolarWinds, Microsoft, FireEye, and the Cybersecurity and Infrastructure Security Agency (CISA) the attackers compromised a server used to build updates for the SolarWinds Orion Platform, a product used for IT infrastructure management. The attackers used this compromised build server to insert backdoor malware into the product (called Solorigate by Microsoft or SUNBURST by FireEye).
According to SolarWinds, this malware was present as a Trojan horse in updates from March through June 2020. This means any customers who downloaded the Trojaned updates also got the malware. While not all customers who got the malware have seen it used for attacks, it has been leveraged for broader attacks against the networks of some strategically critical and sensitive organizations.
Those attacked include FireEye, the US Treasury Department, the US Department of Commerce’s National Telecommunications and Information Administration (NTIA), the Department of Health’s National Institutes of Health (NIH), the Cybersecurity and Infrastructure Agency (CISA), the Department of Homeland Security (DHS), and the US Department of State.
Everyone who has worked on this case directly has spoken to the sophisticated nature of the attack. The breadth, strategic importance and security expertise of the victims bear this out. While nearly every attack is called “sophisticated” by victims who try and shield themselves from criticism, the security community is nearly unanimous in its verdict that the term is merited in this case.
The speed, scope and scale of Microsoft’s response were unprecedented. Specifically, Microsoft did four things over the course of four days that effectively undid the work of the attackers.
1) On Dec. 13, the day this became public, Microsoft announced that it removed the digital certificates that the Trojaned files used. These digital certificates allowed Microsoft Windows systems to believe that those compromised files were trustworthy. In this single act, Microsoft literally overnight told all Windows systems to stop trusting those compromised files which could stop them from being used.
2) That same day, Microsoft announced that it was updating Microsoft Windows Defender, the antimalware capability built into Windows, to detect and alert if it found the Trojaned file on the system.
3) Next, on Tuesday, Dec. 15, Microsoft and others moved to “sinkhole” one of the domains that the malware uses for command and control (C2): avsvmcloud[.]com. SInkholing is a legal and technical tactic to deprive attackers of control over malware. In Sinkholing, an organization like Microsoft goes to court to wrest control of a domain being used for malicious purposes away from its current holder, the attacker.
When successful, the organization can then use its ownership of that domain to sever the attacker’s control over the malware and the systems the malware controls. Sinkholed domains can also be used to help identify compromised systems: when the malware reaches out to the sinkholed domain for instructions, the new owners can identify those systems and attempt to locate and warn the owners. Sinkholing is a tactic that was first used in big attacks in the 2008-2009 battle against Conficker and has been a standard tactic in Microsoft’s toolkit for years, including most recently against TrickBot.
4) Finally, today, Wednesday, Dec. 16, Microsoft basically changed its phasers from “stun” to “kill” by changing Windows Defender’s default action for Solorigate from “Alert” to “Quarantine,” a drastic action that could cause systems to crash but will effectively kill the malware when it finds it. This action is important, too, because it gives other security companies license now to follow suit with this drastic step: Microsoft’s size and leadership of its platform give cover to other security companies that they wouldn’t otherwise have.
Taken together, these steps amount to Microsoft first neutralizing and then killing the malware while wresting control over the malware’s infrastructure from the attackers. By the end of this week, the attackers will be left with barely a fraction of the systems under their control.
They may still have access to compromised networks through other means: that’s what incident responders are likely working on now. And there’s no undoing whatever they did while the infiltration went unnoticed for months. But still, these actions together come as close to obliterating an attack as we’ve seen, which is all the more notable because of the likely attackers.
In the end, this all reminds us how much power Microsoft has at its disposal. Between its control of the Windows operating system, its robust legal team, and its position in the industry, it has the power to change the world nearly overnight if it wants to. And when it chooses to train that power on an adversary, it really is the equivalent of the Death Star: able to completely destroy a planet in a single blast.
Fortunately these days, Microsoft is sparing in its use of its power. But as I’ve noted before, we should never mistake Microsoft’s gentleness for weakness.
And anyway, what’s the point in having a Death Star if you don’t get to use it (for good) sometimes?
https://www.geekwire.com/2020/micros...sponse-breach/
So . . . Skidmark is defending Russia and more importantly Putin as he is a strongman murderer . . . just like he likes and admires them
Loondyke is doing his best to . . . - well who cares what the fuckwit is doing
OhNo hasn't reacted as China hasn't been implicated seriously
Wondering why the coherency to Pearl Harbor? Wouldn't be quite better not to remind the ill-fated event?Congressman-compares-Russian-hack-government-Pearl-Harbor
There are hundreds of unpalatable documents why such tragedy had to occur...
So they've had an attack since March.
I'd say Microsoft are a bit late, with their plug.
Whoever it was has certainly got what they want and more.
Just a reminder: Attribution is a lengthy process, and requires lots of data, which is now being collected and analyzed. It will take months for anything definitive.
The attackers set up a VPS and had all the data shipped to it via DNS requests. A company called Infoblox have been trying for years to get me to buy their hideously expensive and shitty "DNS Security" product, and I've always said no: This proves why.
However, there is no fucking way Pompeo, Baldy orange loser or anyone else can say with any certainty whether it's Vlad or the chinkies.
What is certain is that they are the two where you can definitely say they have the resources and skills needed to pull off what is in technical terms a most admirable attack.
I don't think the other two contenders - North Korea and Iran - have the chops for an attack of this complexity.
If you asked me to put money on it, I'd veer towards the Russians, but not by much.
Time will tell.
Just fancy that.
DHS Was Finally Getting Serious About Cybersecurity. Then Came Trump.
DHS Was Finally Getting Serious About Cybersecurity. Then Came Trump. - POLITICO
Only country with carte blanche to spy on The USA is ...........?
Why not ?
They did it before
Last edited by OhOh; 20-12-2020 at 09:16 PM.
Go back to something you understand nitwit...
Barney - Theme Song - I Love You Song - YouTube
There are currently 1 users browsing this thread. (0 members and 1 guests)