Understanding the SolarWinds Hack: Echoes of NotPetya

Posted by Paulo Shakarian on Dec 21, 2020 9:26:36 AM

Last week we heard of software companies around the world being breached through a compromised software update process in SolarWinds Orion software. This tactic, which leverages the trust relationship many organizations shared with SolarWinds, a reputable software provider, echoes one of the attack vectors from the 2017 NotPetya attack.


In 2017, the Ukrainian accounting software M.E.Doc was compromised in a similar fashion, and, as with SolarWinds, its downstream customers suffered the effects of a compromised software update process.

Such supply-chain compromises are notoriously difficult for the clients of these companies to protect against, because the flaws reside on infrastructure owned by the vendor, not the enterprise. However, the attackers originally compromised M.E.Doc through a known vulnerability on its external infrastructure. At the time of this writing, we do not yet know how SolarWinds was originally compromised.

That said, we do know about several software vulnerabilities related to the attack:

VMware CVE-2020-4006 is known to be used by the attackers to elevate privileges after compromising systems through the SolarWinds update process. CYR3CON had predicted exploitation of this vulnerability in November with a CyRating over 14 (14 times more likely to be exploited than an average CVE).

FireEye released a list of sixteen vulnerabilities used in their penetration testing tools. CYR3CON has previously provided predictions about all of them; you can see our coverage in last week's blog.


Topics: Vulnerability Management