Tuesday, 5 January 2021

How were you not monitoring network traffic that is calling out to an unknown destination?

“How were you not monitoring network traffic that is calling out to an unknown destination?” Mahoney said. “What are you doing if you are not monitoring your network in an automated fashion?” A message to SolarWinds seeking a response was not immediately returned on Tuesday. Automated monitoring solutions would alert a company when information is being sent out from its systems to an unknown location and when data is being sent back, Mahoney said.

“If they’re not even doing that at a minimum, that’s scary. That’s really scary,” he said. “And obviously they’re not, because none of them caught it.” There also appears to have been a striking lack of DNS protection that should have blocked the hackers from gaining deeper access after the initial malware communicated back to their server, Mahoney said. “If any one of these customers had had a really good DNS security system in place, all of this command and control stuff--that allowed the second stage of this attack to occur, where they were actually able to get to a terminal session--never would have occurred,” he said.
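As an added illustration of the two controls Mahoney describes (alerting on traffic to unknown destinations, and a DNS layer that refuses to resolve them so a first-stage beacon never reaches a second stage), the following is example code written for this page, not code from the article or from any vendor. The log lines, the allowlisted domain and the two-label domain helper are all constructed assumptions.

```python
from __future__ import annotations
from collections import Counter
from typing import NamedTuple

# Constructed sample log lines (not from the article): one DNS query per line,
# formatted "<timestamp> <client-ip> <queried-name>".
SAMPLE_DNS_LOG = """\
2021-01-05T09:00:01Z 10.0.0.12 updates.vendor-example.com
2021-01-05T09:00:07Z 10.0.0.12 crl.vendor-example.com
2021-01-05T09:01:15Z 10.0.0.12 a1b2c3d4.unknown-cdn-example.net
2021-01-05T09:01:16Z 10.0.0.44 updates.vendor-example.com
2021-01-05T09:02:40Z 10.0.0.12 a1b2c3d4.unknown-cdn-example.net
"""

# Destinations the organisation has reviewed and expects to see (assumption).
KNOWN_DESTINATIONS = {"vendor-example.com"}


class Alert(NamedTuple):
    timestamp: str
    client: str
    qname: str
    action: str  # "block" when the resolver refuses to answer, else "alert-only"


def registrable_domain(qname: str) -> str:
    """Collapse a hostname to its last two labels. Good enough for the sample;
    a real deployment would consult the public suffix list instead."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def check_dns_log(log_text: str, known: set[str], block: bool = True) -> list[Alert]:
    """Return one Alert per query whose domain is not in the known set.
    With block=True the policy is 'sinkhole unknown destinations': the query is
    not answered, so the caller never learns where its second stage lives."""
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        ts, client, qname = line.split()
        if registrable_domain(qname) not in known:
            alerts.append(Alert(ts, client, qname, "block" if block else "alert-only"))
    return alerts


def unknown_destination_counts(alerts: list[Alert]) -> Counter:
    """Aggregate by domain so a repeating beacon stands out from a one-off lookup."""
    return Counter(registrable_domain(a.qname) for a in alerts)
```

Run against the sample, the two lookups from 10.0.0.12 to the unreviewed domain are the only alerts, and the per-domain count shows the same destination being contacted repeatedly, which is the pattern automated monitoring is meant to surface.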

An estimated 18,000 organizations have been hit with the malware. Those include FireEye—which first disclosed the breach on Dec. 13—as well as Microsoft, Cisco Systems and VMware. The attack has also led to breaches at U.S. government agencies including the Treasury and Commerce Departments as well as the Departments of Defense, State, Energy and Homeland Security.
