WASHINGTON: Continued investigation reveals just how technically advanced the SolarWinds hack was - and how challenging it must have been to execute. By comparison, exploiting the zero-day vulnerabilities recently disclosed in Microsoft’s Exchange software is child’s play.

Public and private sector officials continue to openly question how it’s possible the U.S. government failed to detect the SolarWinds cyberespionage campaign. Some have said that the Cybersecurity and Infrastructure Security Agency’s EINSTEIN technology should have detected the attack. Others point to failures in the security architecture, technologies, and processes at government entities, including the 12 known to have been compromised in the hack. (Cyber Command Executive Director Dave Fredrick said at a virtual event last week that there’s “no evidence” Defense Department networks were compromised by this cyberattack.) Some of that may be true, but it also overlooks some truly remarkable aspects of this hack, at the risk of underestimating this threat actor and misjudging effective solutions.

Mandia told Congress the SolarWinds hack is just the latest in what has been a “multi-decade campaign” for this threat actor. Microsoft President Brad Smith, who testified in the same hearing, said his internal security team estimated the SolarWinds hack involved the work of “at least 1,000 engineers.” Given that type of time frame and resourcing, it’s perhaps possible to begin to appreciate what the threat actor achieved in this hack.

As to one factor that complicated detection, a key step in the second stage of the hack involved compromising Microsoft’s Active Directory in breached organizations. Active Directory stores an organization’s IT user accounts (i.e., names and passwords) and associated access controls, which permit or deny users privileges to and permissions for IT resources, such as applications, servers, and files. Gaining administrative control over Active Directory enables threat actors to pose as legitimate IT users within breached organizations, to authenticate using valid credentials, to lift user access controls, and to create new accounts, among other activities.