
SolarWinds cyberattacks

Date: 02 January 2021 Tags: IT, Mobile & Computers

Issue

Microsoft has revealed that its internal source code was likely accessed by the attackers. The discovery was made during its investigation into the SolarWinds cyberattack.

Background

The attack primarily targeted the United States (US) government and several other private organisations. The SolarWinds cyberattack was first revealed in December by cyber-security firm FireEye.


Details

  • Microsoft’s internal security research team has found evidence that the attackers accessed some internal source code in the company’s systems. 

  • Microsoft has not confirmed what source code was accessed by the hackers. However, the fact that the hackers got in so deep is quite worrying, given the importance of source code in any piece of software.

  • Source code is the key to how a software product is built and if compromised could leave it open to new, unknown risks. Hackers could use this information to exploit any potential weakness in the programmes.

  • Microsoft has said that the attack has not put its users or customer data at risk. It believes that the act was carried out by a powerful state actor.

  • The company notes that its threat models already assume that attackers have knowledge of its source code.

  • Microsoft is downplaying the risk, saying that merely viewing the source code should not create any new elevated risk.

  • The problem with this cyberattack is that it went on for so long that its full scale remains unknown.

  • FireEye has revealed new details about the Sunburst malware. The malware exploited the SolarWinds Orion software, which is used by thousands of companies, including several US government agencies.


Sunburst

  • Sunburst is a malicious version of a digitally signed SolarWinds Orion plugin that contains a backdoor that communicates via HTTP to third-party servers.

  • It appears that the plugin remains dormant for a period of up to two weeks, after which it starts executing commands and carrying out tasks such as transferring files, executing files, profiling the system, rebooting the system, and disabling system services.

  • The malware performs numerous checks to ensure no analysis tools are present. This cautious approach is what helped the malware evade detection by anti-virus software and forensic investigators for seven months after its introduction to the SolarWinds Orion supply chain.