MFA, US Government discussed on Daily Tech News Show

Automatic transcript

That bill won't come before parliament until next year at the earliest, and would go into effect in 2022. All right, that one. I'm not sure about that. Well, we need more details about it to be sure about it. It's in the earliest stages.

More details continue to come out related to the attack on SolarWinds' Orion network management platform, and its use to intrude on email networks at government and corporate networks. A lot about that yesterday if you need to catch up. Researchers at Volexity said Monday that they had encountered the same attackers penetrating a think tank organization three times, in 2019 and in early 2020, and the attackers were able to bypass multi-factor authentication provided by a company called Duo by gaining administrator privileges on the target network and then stealing the secret key, what Duo calls its akey, from a server running the Outlook Web App. They could use the key to generate a valid cookie that would be set when accessing an account that they had already acquired the username and password for. That would bypass multi-factor authentication. MFA didn't happen, so MFA wouldn't fail. MFA would never be called, because they could forge the cookie to look like it already had been called, essentially fooling the authentication server into thinking multi-factor was satisfied.

Some more details on the malware that was actually implanted into Orion also came out. It identified its network traffic as the "Orion Improvement Program." It was passing around and storing data inside legitimate files to try to keep it from being detected. It would also search for security and antivirus tools in order to avoid them. And the operators never communicated from outside the network with the same computer or network more than once. That way there wouldn't be a buildup of suspicious traffic from a particular source, and they would only connect to the malware from outside for the minimum amount of time they needed to gain access to stolen credentials. Then they'd just use the stolen credentials and not access the malware again, reducing the ability to detect that something wrong was going on. The malware also didn't use any code from previous malware, which is often something malware makers do, which made it harder to detect.

Can't wait for the movie. This is so convoluted and complex, and I mean, there's a movie to be made about a lot of this, I'm pretty sure. Sorry, this is my technical take. Yeah, I mean, it's fascinating stuff, and we're going to keep getting more revelations about this, obviously. Just the number of important organizations is going to keep building up. We talked about a few of them yesterday, but more US government organizations, more corporations, and it is going to be fascinating to find out how this operated. This is a sophisticated actor. It's obviously nation-state backed. This is not the kind of thing that your average attacker out there can pull off. It may sound easy to be like, oh yeah, you get admin privileges and you steal the secret key. But even admins don't necessarily know how to extract that key and create the forged cookies, and if you're gonna come at Duo and say well..
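The cookie-forging bypass described in the segment above, as an added worked example that is not part of the show, Volexity's report, or Duo's own code. It models a generic "MFA already satisfied" cookie as an HMAC over the user and an expiry under a single long-lived server secret (`AKEY` here is a constructed stand-in for the stolen key, and the cookie layout, the `ISSUED` record and the `attacker_scenario` walkthrough are all assumptions of this example, not Duo's format). It shows the three things a practitioner wants to see: a forged cookie fails without the key and passes with it, the forged cookie never matches a server-side issuance record (the detection gap), and rotating the key invalidates every cookie minted under the old one.

```python
import hashlib
import hmac
import secrets
import time

# Constructed, illustrative model of an "MFA already satisfied" cookie.
# This is NOT Duo's real cookie format or key handling; the long-lived
# server-side secret AKEY only stands in for the key the report says was
# taken from the OWA server.
AKEY = secrets.token_hex(32)
COOKIE_TTL = 3600  # seconds a minted cookie stays valid

def mint_mfa_cookie(user, key, now=None):
    """Stateless cookie: user|expiry|HMAC-SHA256(key, user|expiry)."""
    exp = int((now if now is not None else time.time()) + COOKIE_TTL)
    payload = f"{user}|{exp}"
    tag = hmac.new(key.encode(), payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"

def cookie_satisfies_mfa(cookie, key, now=None):
    """Server-side check: a good signature and an unexpired cookie skip the MFA prompt."""
    try:
        user, exp, tag = cookie.split("|")
    except ValueError:
        return False
    expected = hmac.new(key.encode(), f"{user}|{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False
    return int(exp) > (now if now is not None else time.time())

# user -> expiry of the cookie the server itself minted after a real second-factor prompt
ISSUED = {}

def complete_mfa(user, key, now=None):
    """Called only after the second factor actually succeeded; records the issuance."""
    cookie = mint_mfa_cookie(user, key, now)
    ISSUED[user] = cookie.split("|")[1]
    return cookie

def login(user, password, cookie, key, passwords, now=None):
    """'denied', 'mfa_required', or 'ok' (no MFA prompt because the cookie vouched for it)."""
    if passwords.get(user) != password:
        return "denied"
    if cookie is not None and cookie_satisfies_mfa(cookie, key, now):
        return "ok"  # MFA is never called: the cookie claims it already happened
    return "mfa_required"

def issued_by_server(cookie):
    """Detection check: does this cookie match one the server actually minted?"""
    parts = cookie.split("|")
    return len(parts) == 3 and ISSUED.get(parts[0]) == parts[1]

def attacker_scenario(server_key, now=1_700_000_000):
    """Replays the report: stolen password plus stolen key -> login with MFA never invoked."""
    passwords = {"alice": "correct-horse"}  # constructed credential the intruder already has
    # 1. Without the key, a forged cookie fails signature verification.
    forged_bad = mint_mfa_cookie("alice", "guessed-key", now)
    r1 = login("alice", "correct-horse", forged_bad, server_key, passwords, now)
    # 2. With the stolen key, the forged cookie is exactly as valid as a real one.
    forged = mint_mfa_cookie("alice", server_key, now)
    r2 = login("alice", "correct-horse", forged, server_key, passwords, now)
    # 3. It still matches no server-side issuance record: that is the detectable gap.
    detected = r2 == "ok" and not issued_by_server(forged)
    # 4. Rotating the key invalidates everything minted under the old one.
    r3 = login("alice", "correct-horse", forged, secrets.token_hex(32), passwords, now)
    return r1, r2, detected, r3
```

The design point is that a purely stateless signed cookie makes the secret key the whole trust boundary: anyone who reads it off the server can vouch for any user, and the application cannot tell a forged cookie from a genuine one. Keeping a record of which cookies the server actually issued after a completed second factor (or, more practically, correlating "MFA bypassed by cookie" logins against the MFA provider's own authentication log) is what lets a defender notice the gap, and rotating the key is the only way to retire cookies already minted with it.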
