Well, on the bright side, the SolarWinds Sunburst attack will spur the cybersecurity field to evolve all over again

One of the great threats to our civilization is space weather. Specifically, the Sun's proven ability to target the planet with a tremendous cosmic belch of radiation, knocking out satellites, power grids, and networks worldwide. In that context, SolarWinds' choice of company name seems gruesomely apt. We still don't know the …


  1. hoola Silver badge

    Privilege Sprawl

    One of the things that appears to go unnoticed is the number of bits of monitoring, logging, AV, management that are installed, all with a nice little agent that is running as close to the kernel as possible. The actual agent may be perfectly secure but if the system it is sending back to or managed by becomes compromised you are in trouble. Many of these don't have any sort of reauthentication and are running as some system user. It can only be a matter of time before something like the Solarwinds issue hits a solution with a client. The more of these tools that are cloud based also gives me concerns. You are entrusting yet more of your security to other people and as we all know, security is only as good as the weakest link. In this way going for the single point that has access to hundreds of systems is well worth the effort. Going after some cloud-based AV solution would potentially give you access to millions of end points in one go.

    1. jake Silver badge

      Re: Privilege Sprawl

      Gee, you think?

  2. Tom Paine

    Stupid question

    From the quality of the threat design, the range of techniques used, and the nature of its victims, this was a nation state at work [..]

    What is a "threat design"?

    1. jake Silver badge

      Re: Stupid question

      See: threat model.

  3. Anonymous Coward

    Inside or outside job?

    From the ReversingLabs analytic reports I read, the attack was teased out over several months deep in the source code slowly creating a camouflaged set of code in the right house style that was compiled directly into live builds. If the report's true, I'd be surprised if an outside hacking team was able to get in that deep, take that amount of time, and then know the existing code well enough to blend into the house-style.

    The ReversingLabs report makes it feel more like work done by someone familiar with the codebase as an employee or contractor - could be someone who left, but still had a way of getting access for instance, or a contractor planted by an outside agency who had enough time to learn the system before crafting the attack piece by piece.

    Reasons for hacking Solarwinds need not be spying either. For instance, the ultimate target could have been financial systems. A Solarwinds type hack would allow a team to place a trojan into an automated trading system that then buys a few more bitcoin, or overprices a stock; it would be almost unnoticeable - demand goes up, prices follow and a connected seller slowly makes a fortune. As more information comes out, this could turn out to be a people or HR problem as much as a system or network problem.

  4. Scene it all

    How did they somehow bypass the source code control system? (Assuming there WAS a SCCS, and not just a bunch of files in a directory.) If they came through the front door one could start with a "git blame" command and start following the trail through logs. They might find something unusual that could result in updates to their security system such as time-of-day restrictions on who can access what, or by what access channel such activity is allowed.
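One way to start "following the trail through logs" as the comment above suggests, written as an added example (not code from the thread or from any vendor): it audits commit metadata in the shape of `git log --format='%H|%ae|%aI'` for authors outside an assumed team roster and for commits made outside assumed working hours or on weekends. The sample log, roster and hours are constructed placeholders.

```python
# Added example: audit git commit history for out-of-roster authors and
# out-of-hours commits, the kind of trail-following the comment proposes.
from dataclasses import dataclass
from datetime import datetime

# Constructed sample, shaped like `git log --format='%H|%ae|%aI'` output.
# Hashes and addresses are hypothetical placeholders, not real commits.
SAMPLE_LOG = """\
a1b2c3d|alice@example.com|2020-03-10T10:15:00+00:00
b2c3d4e|bob@example.com|2020-03-11T03:42:00+00:00
c3d4e5f|builder@example.com|2020-03-12T14:05:00+00:00
d4e5f6a|alice@example.com|2020-03-14T11:00:00+00:00
"""

ROSTER = {"alice@example.com", "bob@example.com"}  # assumed team roster
WORK_HOURS = range(8, 19)                           # assumed 08:00-18:59

@dataclass
class Finding:
    commit: str
    author: str
    reason: str

def parse_log(text):
    """Parse 'sha|email|iso-timestamp' lines into (sha, email, datetime)."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sha, email, stamp = line.split("|", 2)
        commits.append((sha, email, datetime.fromisoformat(stamp)))
    return commits

def audit(text, roster=ROSTER, work_hours=WORK_HOURS):
    """Return one Finding per suspicious attribute of each commit."""
    findings = []
    for sha, email, when in parse_log(text):
        if email not in roster:
            findings.append(Finding(sha, email, "author not on roster"))
        if when.hour not in work_hours:
            findings.append(Finding(sha, email,
                                    f"commit at {when:%H:%M} outside working hours"))
        if when.weekday() >= 5:
            findings.append(Finding(sha, email, "commit on a weekend"))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f.commit, f.author, f.reason)
```

A real run would pipe actual `git log` output into `audit` and treat findings as leads for review, not as proof of anything.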

  5. David Roberts Silver badge

    Funding model?

    As already mentioned upstream this might be all down to the money and time available to the core developers to look internally at their processes and not just at the aggressive targets for the next commercial release.

    Like a high security business with massive front office security, turnstiles, finger and retinal printing etc. Which, it turns out, makes it impossible for the developers in the basement working 7-day weeks to meet an arbitrary deadline to get out-of-hours pizza deliveries. So they modify a back door to the server room so the alarm doesn't sound when the delivery guy calls.

    Possible moral is to spend a bit more on your core team even if it makes the performance metrics look worse.

    "We didn't get hacked because ..." is very hard to prove.

    No doubt the blame will fall on the developers and not those responsible for not funding internal security.

    Noting also that if you are a criminal one of your primary aims is to subvert the police force. Also noting Burgess et al.

  6. hamiltoneuk

    Intelligent article and interesting comments. From my semi-layperson's viewpoint are we seeing an illustration of Andy Grove's book title Only The Paranoid Survive?

  7. Frostd

    Tall fences make for friendly neighbours.

    The internet was envisioned as a friendly digital utopia where everyone could freely exchange information. Unfortunately human nature and politics have interfered with the original vision of the internet described by Sir Timothy John Berners-Lee.

    It is only a matter of time before nation states (the EU being such) erect Chinese walls between themselves and that vicious outside world.

    Tall fences make for friendly neighbours.

    1. jake Silver badge

      Re: Tall fences make for friendly neighbours.

      I think you are confused. The Internet (whatever that is!) was envisioned, designed, built and used as a research network to research networking. It still is. TB-L's cute little johnny-come-lately subset of The Internet, known as The Web, came about much later.

      Nobody actually involved in the building of any of the above had utopian ideas, friendly or otherwise, about much of anything (except rms and a few hangers-on, of course, but that's another story ... ).

      1. Version 1.0 Silver badge

        Re: Tall fences make for friendly neighbours.

        The Internet is maintained these days to deliver advertising, movies, and spam while recording your preferences to improve the delivery.

    2. amanfromMars 1 Silver badge

      Tall fences don't make for friendly neighbours.

      The internet was envisioned as a friendly digital utopia where everyone could freely exchange information. Unfortunately human nature and politics have interfered with the original vision of the internet described by Sir Timothy John Berners-Lee.

      It is only a matter of time before nation states (the EU being such) erect Chinese walls between themselves and that vicious outside world.

      Tall fences make for friendly neighbours........Frostd

      Presently there is a little difficulty here in one accessing entry into available information with delivery of intelligence to certain parties/particular players which one might expect to be interest to those with an interest in proprietary intellectual property matters being explored in the likes of the following event ....

      The second Intelligentized Warfare Symposium was recently held at the National Defense University (NDU) of the Chinese People's Liberation Army (PLA) in Beijing, and more than 80 military representatives attended the event. ...... http://eng.chinamil.com.cn/view/2020-12/28/content_9959511.htm

      Quite whether that is just a temporary glitch to be tested later or something else intentionally testing itself as a possible permanent fixture ...... as one of those strange walls in something of a virtual form ..... is something which can very quickly become quite clear enough to reveal the necessary next steps/actions/reactions/proactions.

      And surely, rather than friendly neighbours, tall fences can make for incredibly curious neighbours and almightily dangerous prisoners?

  8. Anonymous Coward

    Removing Windows would be a great first step

    .. but the problem is that the people making the decisions can be bought with lunches and fed misinformation galore.

    So yes, yet another hack. And another set of excuses. Rinse, repeat, ad infinitum.

    Most of the people involved don't want to fix things, they just want more budget to waste. Bad news for the people on the receiving end but that's IT.

    1. amanfromMars 1 Silver badge

      Re: Removing Windows would be a great first step to easily fcuk up markets

      That sounds very much like a clarion call for hacker types to step up to the plate, AC, and do their great cracking code, creative destruction thing.

      Ye olde cavaliers versus roundheads/cowboys vs injuns/David vs Goliath confrontation albeit with different disguises for both state and non-state actors. Is anyone running a book on the guaranteed alternate outcomes for presenting in such as would certainly surely be postmodern quantum entangling times/virtually surreal spaces?

      Is there a list/Are there lists of runners and riders/agencies and drivers?

      Or are they likely liable to remain strictly need to know .... NOFORN Porn?

      That should make for a radically novel 2021, and there's no mistaking that not being a real doozy.

      Didn't Dominic Cummings not want something like that, right at the start of this year [JANUARY 2, 2020] ?

  9. Anonymous Coward

    0pti0na1

    Dome is Earth

    1 8100D

  10. A random security guy Bronze badge

    I doubt anything special will happen.

    Companies will just buy more cyberinsurance, will give out "free credit-monitoring", and pay a few measly fines.


Biting the hand that feeds IT © 1998–2021