Learn how you can simplify your risk management and take charge of your cybersecurity with SureShield's intuitive and powerful solutions.
SOLARWINDS SUPPLY CHAIN ATTACK & THE DARK WEB
The SolarWinds Supply Chain attack in December 2020 impacted major government organizations and companies. This incident highlights the severe impact software supply chain attacks can have on organizations and the proof that many of them are woefully unprepared to prevent and detect such threats. The attack was said to have allowed hackers to access the network of US cybersecurity firm FireEye. Even though FireEye did not name the hackers, the Washington Post reports it is APT29 or Cozy Bear, the hacking arm of Russia’s foreign intelligence service, the SVR. Read more about the SolarWinds Supply Chain breach on our blog.
Information Sold on the Dark Web
SolarWinds Supply Chain develops software, known as Orion, which helps businesses manage their own IT, networks, systems and infrastructure. It is believed that fewer than 18,000 of its major government and corporate clients were compromised. This includes US government agencies. There have been several claims from hackers, regarding stolen data and tools. More importantly, there have been attempts to sell it online. They also claim to have more data over time as they work through all the data they have. It remains to be known whether the sale or alleged data and tools are genuine.
The group speculated to be Cozy Bear or APT29 announced on the regular web and the dark web that they would be putting the data they have stolen up for sale. They are offering to sell the data in four lots – Microsoft for $US600,000, Cisco for US$500,000, SolarWinds for $250,000, and FireEye for $US50,000. Alternatively, one buyer could get the lot for $1 million.
The hackers have allegedly already uploaded the files to the dark web, however, a key or password is required for access. They say that they can prove that the data is genuine and that the sale does not include any intelligence data from the US Treasury or the Department of Commerce, which were also hit in the attack.
Cisco has revealed that there is no evidence that their intellectual property was stolen in the attack, but are aware of the website claiming to have the data for sale. Microsoft also acknowledged that they had detected malicious SolarWinds applications in its environment. One account is said to have been used to view the source code and source code repositories. However, they claim that the activity did not put the security of its services or customer data at risk.
Hundreds of thousands of companies and government organisations across the world use SolarWinds’ Orion software. Hackers infiltrated SolarWinds’ systems and inserted malicious code into updates that were sent out and installed by a number of the company’s customers. The updates were released between March and June 2020, meaning hackers were potentially able to spy on many of these organisations for many months. This is why organizations need to have the means to protect themselves from hackers by instilling dark web surveillance software. Such software alerts organizations when they or their data is at risk.
By Breach Shield
BreachShield provides comprehensive dark web monitoring and risk response guidance:
- Network intelligence with multiple risk assessment techniques
- Compilation of threat actor communications to identify threats in one searchable database
- Dark web forum human-driven data analysis and advanced threat intelligence
- Key insights into real-time risks with breach intelligence and third-party exposure
- Protection for network assets such as infected devices, malicious access, compromised credentials, etc
- Safeguards corporate credit cards
- Root cause analysis by integrating data from SureShield’s modules (SecurityShield, HackShield, and ComplyShield)
- Comprehensive risk response and remediation process
In short, the software provides 4 simple ways to mitigate your organization’s risk:
- Discover and identify breached data
- Establish continuous monitoring
- Receive threat intelligence alerts
- Guided remediation to avoid further risk exposure
INSIGHT INTO THE WORLD’S LARGEST PASSWORD COMPILATION LEAK
What seems to be the world’s largest password collection has been released on a prominent hacker site. A forum member released a large 100GB TXT file containing 8.4 billion password entries, probably compiled from prior data dumps and hacks. All of the passwords in the leak are said to be 6-20 characters long, with non-ASCII …June 25, 2022 READ MORE
DATA BREACHES CONTINUE TO TARGET THE HEALTHCARE SECTOR
There has been an increasing number of data breaches, ransomware and cyber attacks on healthcare organizations. Additionally, the COVID-19 pandemic has seen a bigger surge of such attacks on the healthcare sector. While some cybercrime gangs have sworn off attacking these facilities as they provide critical services; others view hospitals as easy targets since they …June 25, 2022 READ MORE
ANALYZING THE HEALTHCARE SECURITY & COMPLIANCE CONCERNS DRIVEN BY COVID-19
While the global healthcare sector focuses its attention on fighting the Covid-19 Pandemic, cyber criminals have been quick to take advantage with attacks having risen over 300% since the pandemic began. From the U.S. Department of Health and Human Services reporting an attempted DDoS attack, to the World Health Organization revealing that it has had …June 25, 2022 READ MORE