
The SolarWinds Breach & Code Signing

"It’s hard to overstate how bad this is." - Bruce Schneier

Sometime before March 2020, hackers working for the Russian SVR broke into SolarWinds and slipped a backdoor into an Orion software update. Users who downloaded and installed that corrupted update were subject to a supply-chain attack that gave a malicious hacking group access to an unknown quantity of sensitive data. Orion software is used by very sensitive organizations (more than 400 of the Fortune 500 companies and a lot of government agencies) to monitor all of their IT. So how did this happen? Why didn't code signing prevent a third party from injecting bad code?

To protect yourself against this type of attack, you might want to think about keeping a tight inventory of the cryptographic assets that make code signing work. A cryptographic key inventory starts with the private key that actually signs your updates, and includes information about how you measure access to keys, how you store keys, and who has access to keys.

- More about key inventory in our white paper: https://cryptosense.com/whitepapers/cryptography-inventory-whitepaper/

- HSMs and how they get breached: https://www.youtube.com/playlist?list=PLA-8aGQm6tkIgd8-zi4PtCO79qmmtKyCm

- Cryptography breaches: https://www.youtube.com/playlist?list=PLA-8aGQm6tkLoaLzuoxv_IIxTH3uMLgSD
/////
Find out more about Cryptosense: https://cryptosense.com/
Follow us on Twitter: https://twitter.com/cryptosense
/////

Cryptosense CEO Dr. Graham Steel was an academic researcher before founding Cryptosense in 2013. His cryptography expertise is the basis for the company's 'Analyzer' technology, which allows customers to protect themselves against losing sensitive data.

Video: The SolarWinds Breach & Code Signing, from the Cryptosense channel
Video information
23 December 2020, 1:44:46
00:06:51