Orion Network, Microsoft, Lockheed Martin, Booz Allen Hamilton discussed on Daily Tech News Show
A network management platform called Orion, from a company called SolarWinds, has led to attacks on FireEye, the FireEye attack we talked about last week, Microsoft, and several US government agencies. SolarWinds said Sunday that updates to its Orion platform that happened between March and June may have carried malware as a result of a sophisticated nation-state supply chain attack. SolarWinds says Microsoft notified it of a compromise to SolarWinds' Office 365 accounts. It's not sure if that's how the supply chain attack was carried out, but it's investigating. SolarWinds did call for all Orion customers to update to its latest version immediately. That'll partially mitigate this, and it plans an additional patch Tuesday to fully defend against it. SolarWinds has 300,000 customers worldwide, including most of the Fortune 500 companies in the US: Lockheed Martin, Booz Allen Hamilton, PricewaterhouseCoopers, the Federal Reserve, the Defense Department, the State Department, the US Secret Service, the National Security Administration. Thirty-three thousand of those customers use the Orion platform, not all 300,000, but a large number, and SolarWinds believes that 18,000 of them installed the malware-infected versions. Now, not all 18,000 were targeted, but even a small percentage, that's a lot of targets. ZDNet reports that administrators are finding signs of the malware on their Orion systems, but few are reporting the second-stage payload that would be used to elevate access, so it's believed the attackers targeted specific customers around the world. FireEye, for example, announced that the intrusion in its network reported last week was caused by the SolarWinds breach. It has published detection rules on GitHub that you can access if you need them.
Microsoft confirmed the SolarWinds compromise in a security alert to its customers and provided countermeasures, including detection rules added to Defender. The US Cybersecurity and Infrastructure Security Agency, or CISA, issued an emergency directive with instructions on how all federal civilian agencies can detect and analyze compromised systems, and advised them to shut down Orion. It advises that all hosts monitored by Orion be treated as compromised until you're certain otherwise. FireEye calls the malware Sunburst, so if you're out there looking around and you see "Sunburst," that's what that refers to, although Microsoft has dubbed it Solorigate, so we have a couple of different ways to refer to it. The attack worked by entering the network through the Orion vulnerability, however it got in there, and then gaining elevated credentials. Once it was in your network, that let attackers forge single sign-on tokens, which would let them impersonate privileged accounts, which allowed them to grant new credentials to themselves and gain high-level access. The attackers were able to track authentication controls and access Office 365 at the National Telecommunications and Information Administration, where they definitely monitored emails.