Martin Booz Allen Hamilton, National Security Administration, Defense Department discussed on Daily Tech News Show

Automatic TRANSCRIPT

Hundred companies in the us lockheed martin booz allen hamilton pricewaterhouse coopers federal reserve the defense department the state department the. Us secret service. The national security administration. Thirty three thousand of those customers use the orion platforms not all three hundred thousand but a large number and solar winds believes that eighteen thousand of them installed. The malware infected versions. Now not all thousand were targeted but even a small percentage. That's a lot of targets cd. Net reports that administrators are finding signs of the malware on their orion systems. But few are reporting. The second stage payload that would be used to elevate access so it's believed the attackers targeted specific customers around the world fire. I for example announced. The intrusion in its network reported last week was caused by the solar winds breach. It has published detection rules on. Get hub That you can access if you need them. Microsoft confirmed the solar winds compromising security alert to its customers and provided countermeasures including detection. Rules added to defend her The us cybersecurity and infrastructure agency or cc issued an emergency directive instructions on how all federal civilian agencies can detect an analyze compromise systems and advise them to shut down. Orion's he said vises. All hosts monitored by ryan to be treated as compromised until you're certain otherwise fireeye calls the malware sunburst if you're out there looking around uc sunburst. That's what that refers to although microsoft has dubbed it salora gate so we we have a couple of different ways to refer to it. The attack worked by entering the network through the orion vulnerability however it got in there and then gaining elevated credentials once it was in your network that let attackers ford. Single sign on tokens which would let them impersonate privileged accounts which allow them to grant new credentials to themselves and gain high level access. The attackers were able to track authentication controls and access office three sixty five at the national telecommunications and information administration. We're definitely monitored emails. It probably did that in other places as well fire. I says that each attempted intrusion needed what they called meticulous planning and manual interaction. This wasn't a set it and forget it blast. This was done intentionally to the targets. It affected fire. I says the victims have included government consulting technology telecom and extractive entities north america europe asia and the middle east. So it's not just the us government we anticipated. There are additional victims and other countries in verticals says fire fireeye and yeah the. Us government appears to be one of them. Reuters sources saying that network intruders accessed internal email traffic of the us department of treasury and commerce and possibly other agencies. The us commerce department confirmed a breach and said that cease and the fbi are investigating and the national security council reportedly met on saturday to discuss this issue. So this is big. It affects a lot of companies. It affects a lotta governments. It affects highly sensitive information. It seems to be meant to gather intelligence by going after email. Communications but let. Let's start with the way it got there. The supply chain attack. Can you explain to us. What a supply chain attack is.

Coming up next