Jun 29, 2021
They Said It Couldn’t be Done…
Are you tired of hearing: It can’t be done?
It’s late June 2021 and you have heard more testimony, more debate, and more horror stories about the UNC2452 (named by Microsoft as “Nobelium”) attack on the SolarWinds Orion platform that infected thousands of SolarWinds products. This in turn cost US Government Agencies and at least 18,000 businesses millions to investigate and remediate from potentially compromised networks.
A debate around sufficient defenses goes on as The Hill reported that “In a June 3 letter to Sen. Ron Wyden (D-Ore.) provided to The Hill on Monday, Cybersecurity and Infrastructure Security Agency (CISA) acting Director Brandon Wales agreed with Wyden’s question over whether firewalls placed in victim agency systems could have helped block the malware virus used in the SolarWinds attack. “CISA agrees that a firewall blocking all outgoing connections to the internet would have neutralized the malware,” Wales wrote.
Instead of firewall vendors piling on support for the Wale’s letter and touting the effectiveness of their products, The Hill goes on to say that leaders of top cybersecurity groups FireEye and CrowdStrike pushed back against the idea that a firewall could fully have prevented this attack or others. Furthermore, Kevin Mandia of FireEye continues in the interview: “We do over 600 red teams a year, and firewalls never stopped one of them,” FireEye CEO Kevin Mandia testified at the same hearing in February. “A firewall is like having a gate guard outside a New York City apartment building, and they can recognize if you live there or not, but some attackers are perfectly disguised as someone who lives in the building and walks right by the gate guard. In theory, it’s a sound thing, but it’s academic, in practice, it’s operationally cumbersome.”
Lastly, CrowdStrike President and CEO George Kurtz agreed, testifying that “firewalls help, but they are insufficient,” and noting that “they are a speed bump on the information superhighway for the bad guys.”
Yes, we agree that using traditional cybersecurity products would not have stopped this attack. That’s the hard reality. However, that’s where our agreement ends. We believe that your network is already infected. With that in mind, companies need to understand that there are new cybersecurity products that inherently deliver Zero-Trust in an affordable and plug-and-play manner. This wasn’t the case even two years ago, but it demonstrates just how quickly this space is evolving. Every cyberattack needs a path. It needs a path from the victim machine (even virtual) to a command and control (C2) server and eventually the malicious cyber actor’s machine (unless it’s an insider job – we address that too). We specifically built Shield to inspect this path and kill known malicious connections while allowing the 5.1+ billion known good IP communications to take place without slowing down your network. And because our real-time AI assumes a complete zero-trust operational environment for your communications, if data packets are not destined for one of those IPs, it is stopped in its tracks. Shield had previously identified the SUNBURST indicators of compromise IP space and URLs in early 2020 and has been denying communications to that space for our customers ever since.
For more information on the SolarWinds Hacks, please see:
The SolarWinds Cyber-Attack: What You Need to Know (cisecurity.org)
The SolarWinds hack timeline: Who knew what, and when? | CSO Online
Microsoft Drops ‘Solorigate’ for ‘Nobelium’ in Ongoing SolarWinds Attack Investigations — Redmondmag.com
New sophisticated email-based attack from NOBELIUM | Microsoft Security Blog
Dave Gast (CEH/SEC+/ITIL 4/PMP) is an INTRUSION Sr. Threat Researcher & Info/Cyber Security Subject Matter Expert with a 26 year active duty military career and 10 year government contracting consulting role including extensive cyber intelligence and threat analysis.
Ready to get protected?
INTRUSION Shield is inexpensive enough to be affordable to every business, large or small. For a small fee per seat, per month – with no annual contract and no hardware to buy – you can get immediate protection.
Get your free report
Simply enter your URL and get a detailed report emailed to you.