This month – December 2020 – has been quite something ! to the point its funny to comprehend all this chaos and this shock! Many important companies and governmental organizations were hit hard by attackers. The first one this month was FireEye – the giant cyber security company that offer services to many organizations. Hackers stole it’s “Red Team” tools.It was embracing in my opinion and there is a lesson to learn , that nobody can be secured completely even top experts like FireEye!
That attack was the silence before the storm. The storm was Solarwinds, it’s truly winds that blew off thousands of organization worldwide from every field. It was a “supply chain” attack that infected the vendor Solarwinds software first. A malicious code was applied in the update and signed securely so every customer could download it.
The problem is that happened quite long time ago, so the attackers possibly managed to enjoy diving into the infected networks and computers. It was a malware Sunburst that targeted both IT and OT systems at the same time. No evidence yet about the OT part, but surely it affected organizations and vendors who are dealing with ICS. Im still waiting for the evidence.
I know that there will be secrecy and confidential silence from both OT vendors and OT organizations. Why? Because Let’s not forget its critical infrastructure and its critical to share it with the public. As usual , there will be always a leak somewhere and sometime like Trisis and others , then we will find out.
Solarwinds is about network performance and analysis (eg. A police). So imagine this: A police monitors and is being monitored by a hacker 🙂 Thats the ultimate goal for an attacker- its heaven, because i don’t know how far Solarwinds can go deep into a network, the attacker has a free license to do that too.
Im going to call this year the Corona year , it started strong with a virus and it ended by a massive malware and a cyber attack – Sunburst. There is a vaccine available this month for Covid-19 infection. Maybe there will be a vaccine for Solarwinds 😉