FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of intrusion

Any organizations that used the backdoored SolarWinds network-monitoring software should take another look at their logs for signs of intrusion in light of new guidance and tooling. In an update and white paper [PDF] released on Tuesday, FireEye warned that the hackers – which intelligence services and computer security …

  1. Anonymous Coward

    Exchange on prem anyone?

    Just when you thought it couldn't get any worse, it does.

    So we're all moving back from the cloud and "un-federating" then?

    1. Peter-Waterman1

      Re: Exchange on prem anyone?

      Just the azure cloud it would appear

      1. John_3_16

        Re: Exchange on prem anyone?

        Rumor has it USA government is considering moving everything to the new BABA cloud when complete. That is if they are not delisted first.

        One well known 'publican Ex-president was rumored to say on the golf course that nothing could be safer than a Communist company traded through an ADR VIE whose country was besties with Russia's Putin.

        Rumors continued that 40 'publican traitors still in the US Senate have all signed proposed legislation supporting their God & Ex-Commander-in-Chief 100%. Many of them supposedly have transferred all of their government data directly to Russia since the election was possibly stolen from their mega-god.

        Rumors abound that they fully support turning Washington's security needs over to Russia & China, sooner than later. Supposedly, he smiled knowingly, when he heard the news & rubbed his package excitedly while trembling noticeably.

        He may have claimed if elected in 2024, he is going to build a wall between us & Canada & build a bridge connecting Washington with Cuba & North Korea.

        Upon hearing this, 40 senatorial traitors may have excitedly rubbed each other's packages in chambers on Wednesday while trying to dry hump their 'mocratic counterparts.

        Wait & see, I guess. Maybe? Could be? Rumor has it?

  2. W@ldo

    I worked in infosec for decades and security vendors often had the worst security practices. When compromised, they always run to "nation state" or otherwise more advanced actors. If your kit was so good, then you would guarantee it against such intrusions--or better, use it for your own protection to detect/prevent those advanced threats on which you base your product claims. Soft solutions like SolarWinds are just the carriers for this one and a well-oiled infosec vendor should have no trouble detecting anomalies.

    Of course, soon you'll be able to buy the next generation of their kit that will stop yesterday's threats. For real, after spending many millions in ultimately useless security technologies it is best to practice sound system/network admin practices and not rely on technologies that are supposed to fill the gaps.

    1. YetAnotherJoeBlow Bronze badge

      Yep

      I agree. What corporate does not want to hear is that security is not just a product that you can order and install. Security is a tedious and full-time job. The very best that I can provide is for tripwires to be set everywhere and I do mean everywhere (including blacklists), combined with firewalls and something like snort. This setup is monitored 24x7 with dedicated personnel. No magic, just hard work.

  3. Anonymous Coward

    Is anyone really surprised?

    Scientists have been warning us for years that our dependency on the internet and electronics in general could be catastrophic in the event of a bad solar wind.

    Okay, okay, you don't need to shove. I'm leaving. Jeez, tough crowd!

  4. aregross

    Putin poked Orange Johnny in the eye... and he took it!

  5. man_iii

    Stop using windows for mission critical stuff

    Every day I see these "hacks" being perpetrated by using Windoze systems. Why????? Linux is still free as in beer. Just build your servers and contract custom tools you might need based on OSS. We have seen enough that security through obscurity doesn't really work anymore.

    1. Anonymous Coward

      Re: Stop using windows for mission critical stuff

      I assume you did read the El Reg article about "DNSPooq" which was published an hour before your comment?

      1. ColinPa Silver badge

        Re: Stop using windows for mission critical stuff

        https://www.theregister.com/2021/01/20/dns_cache_poisoning/

  6. don't you hate it when you lose your account

    The traditional beancounters

    Will just wait for Microsoft to charge them for the extra accounts set up to take action.

  7. Anonymous Coward

    Not news.....unfortunately.......

    Scott McNealy, 1999: https://www.wired.com/1999/01/sun-on-privacy-get-over-it/

    *

    Peter Thiel, 2018: https://www.bloomberg.com/features/2018-palantir-peter-thiel/

    *

    2020: SolarWinds

    *

    So......when does the "advanced" IT industry START to take security and privacy seriously? It's all very well blaming OTHER state actors every time there's a security or privacy breach...........................but the hardware, the software, the training are primarily being sold by the very people whining about "attacks" and "intrusions". Get a grip folks......if you want to see the authors of these problems, take a look in the mirror!!!!

    1. Anonymous Coward

      Re: if you want to see the authors of these problems, take a look in the mirror!!!!

      Posting AC because people in glass houses.....?

  8. sitta_europea

    The AD security model is just asking for it. Its assorted mechanisms are ridiculously over-complicated.

    You need to spend weeks learning about them to get even a fair appreciation, and it can take years to get into the dusty corners.

    Join a new company with an old system and try to tighten it up and you'll soon have a queue of angry users at your desk asking why XYfuckingZ application won't let them piss on the floor any more because they've always logged in as Administrator to do it.

    The various graphical user interfaces don't make it easy to know what's going to break when you change anything nor what's likely to hit you on the back of the head without warning - as we've seen here.

    If security is the question, AD is definitely not the answer.

    1. Claptrap314 Silver badge

      I've only interacted directly with Azure at a single company. A company that admittedly had very little understanding about security, however... I was appalled at the Byzantine way the system worked. The departure of someone with admin privileges left (hopefully) orphaned permissions in pretty much every resource they ever accessed. If you needed access to a resource (you being an admin), you had to grant it to yourself. And, yeah. 100% GUI. You wouldn't want to automate any of that, now would you?

      Certainly, even the best system is going to be fouled up by fools. And I cannot rule out that possibility. But the good ones don't encourage bad practices.

  9. Pascal Monett Silver badge

    Let me see if I understood this correctly

    So, in an Azure AD environment, you have the cloud AD and the on-prem AD, which both have logs, but there are some instances where you log in in the cloud and it is not recorded in the same log as the on-prem log, and the Unified thingy does not carry the info either, so it's not all that Unified.

    Great. Feels like that makes security controls real easy to handle.

    Still doesn't let SolarWinds123 off the hook, though.

  10. iBurbot

    Well .. if this doesn't finish the bloatware that is .net then I don't know what will.

  11. Version 1.0 Silver badge

    Something changed today

    Mail server login attempts from Russia and China have dropped from one every 15 seconds for the past four years, to one every 8 minutes today. No, I'm not relaxing, I'm just wondering why and checking the server and firewall logs. I wonder if some agency has hacked the servers sending these out?

    Could it be that various nations have decided that hacking a Biden-run America is actually risky; hacking attempts over the last four years have gone up sky high but America has done virtually nothing about it under the last President.


Biting the hand that feeds IT © 1998–2022