Biggest Cyberattack Ever? | FireEye | Solarwinds | 2020

Mukul Wadhokar
4 min read · Dec 22, 2020

“Systems were exposed,” says tech giant Microsoft!

Not only Microsoft: a long list of Fortune 500 companies and several US federal agencies (the Treasury and Commerce departments were among the first confirmed) were exposed, and SolarWinds itself says that up to 18,000 of its customers may have installed the tampered update. This attack reads like a real-life sci-fi story.

If this is the first time you are hearing about it, don’t worry. I will explain it in the easiest way possible so you understand what just happened and how serious it is.

It is hard to imagine a worse way to end 2020, after the nightmare of COVID-19.

Cybersecurity is the field that protects us from cyber threats and attacks, on the internet and in the online world generally. Cybersecurity experts could be called the modern-day marines of the Internet.

But no matter how big a company you are, the cyber threat is real, and there is always a risk of being exposed through some vulnerability.

Now to FireEye. FireEye is one of the biggest names in the industry: a market leader that provides cybersecurity services to a large share of the Fortune 500 and to US government agencies, including the Treasury Department. When I say “a large share” (the author’s estimate is more than 90%), it should help you understand the scale of this attack. As the story goes, the company is so sensitive that even its senior management is not allowed to travel outside the USA, even for a vacation, for security reasons.

On 8 Dec 2020, FireEye Chief Executive Kevin Mandia admitted publicly in a blog post that the company had been “attacked by a highly sophisticated threat actor”. The attackers now have the red team assessment tools that FireEye uses to test its customers’ security.

To understand what is meant by red team assessment tools, we need to understand how a cybersecurity firm works.

There are two teams, the red team and the blue team. The blue team’s job is to defend: roll out patches, harden systems and configure firewalls so attackers cannot breach them. The red team’s job is to simulate attacks in a controlled environment, and the tools they build mimic the techniques of real threat actors. These tools are powerful enough to do real damage if they get out. And yes, you have probably guessed it by now: those red team tools were stolen from where they were stored.

FireEye says that no zero-day exploits were among the stolen tools. A zero-day is a vulnerability that the vendor does not yet know about, so no patch exists for it and very few people are aware of it; an exploit for one works even against fully updated systems. The stolen tools, by contrast, target vulnerabilities that are already public and already have patches, so an organization that keeps its systems up to date is much less exposed to them.

Taking you to part two of the story. SolarWinds is a customer of FireEye, and its Orion platform is a network monitoring and management tool used by a huge number of Fortune 500 companies and government agencies, Microsoft included. SolarWinds says up to 18,000 customers downloaded the affected update. That means a large portion of corporate and government networks are monitored by this one product.

In March 2020 the attackers found a way to insert a malicious DLL into the build of SolarWinds’ Orion software, so it shipped inside a legitimate, digitally signed Orion update. This is the part the early reporting often gets backwards: the attackers did not use the stolen FireEye tools to get into SolarWinds. It was the other way around. FireEye was one of the organizations that installed the tampered update, and it discovered the SolarWinds compromise while investigating its own breach.

(This is scary: the systems of big giants have been compromised since March.) The tampered DLL is not a “potential vulnerability” but a working backdoor. Everyone who installed the update from March 2020 onward gave the attackers a foothold inside their network, and by now almost every customer has installed it.
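As an added example (it is not from the original post and is not SolarWinds or FireEye code), here is the kind of check a defender runs once a vendor admits that an update was trojanized: hash every DLL in the product’s install directory and compare it against the vendor’s published hash list and the incident responders’ published bad-hash list. The product name, file names, byte strings and hashes below are constructed placeholders, not real indicators of compromise.

```python
import hashlib
import os
import tempfile


def sha256_bytes(data):
    """SHA-256 hex digest of an in-memory blob (used to build the demo lists)."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk_size=1 << 16):
    """SHA-256 hex digest of a file, read in chunks so large DLLs do not
    have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_dlls(root, vendor_manifest, bad_hashes):
    """Walk an install directory and classify every .dll it contains.

    vendor_manifest maps the relative path of each file the vendor shipped to
    the SHA-256 the vendor published for it; bad_hashes is the set of digests
    published for the trojanized files. Verdicts, in order of precedence:
      known-bad        digest matches a published malicious hash
      not-in-manifest  the vendor never shipped a file at this path
      hash-mismatch    vendor shipped the file, but the bytes on disk differ
      matches-manifest file is exactly what the vendor published
    A hash-mismatch is not proof of compromise (hotfixes do this too), but it
    is exactly what a tampered update looks like, so it goes on the review list.
    """
    verdicts = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".dll"):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            digest = sha256_file(path)
            if digest in bad_hashes:
                verdicts[rel] = "known-bad"
            elif rel not in vendor_manifest:
                verdicts[rel] = "not-in-manifest"
            elif vendor_manifest[rel] != digest:
                verdicts[rel] = "hash-mismatch"
            else:
                verdicts[rel] = "matches-manifest"
    return verdicts


def build_demo_install(root):
    """Constructed sample installation of a hypothetical product 'Monitor'.

    Writes four fake DLLs under root and returns the vendor manifest and the
    bad-hash set that an auditor would normally download. The byte strings
    are placeholders, not real binaries, and the resulting hashes are not
    real indicators of compromise.
    """
    shipped = {
        "Monitor/Core.dll": b"MZ core component as released",
        "Monitor/Core.Plugins.dll": b"MZ plugin host as released",
        "Monitor/Net.dll": b"MZ network module as released",
    }
    on_disk = dict(shipped)
    # The trojanized build: same path as a legitimate file, different bytes.
    on_disk["Monitor/Core.Plugins.dll"] = b"MZ plugin host plus backdoor"
    # A file the vendor never shipped at all (e.g. a dropped second stage).
    on_disk["Monitor/Helper.dll"] = b"MZ unexpected helper"
    # A modified file nobody has published a bad hash for yet.
    on_disk["Monitor/Net.dll"] = b"MZ network module locally patched"

    for rel, data in on_disk.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

    vendor_manifest = {rel: sha256_bytes(data) for rel, data in shipped.items()}
    bad_hashes = {sha256_bytes(on_disk["Monitor/Core.Plugins.dll"])}
    return vendor_manifest, bad_hashes


def run_demo():
    """Create the sample installation in a temp directory and audit it."""
    root = tempfile.mkdtemp(prefix="dll_audit_")
    vendor_manifest, bad_hashes = build_demo_install(root)
    return audit_dlls(root, vendor_manifest, bad_hashes)


if __name__ == "__main__":
    for rel, verdict in sorted(run_demo().items()):
        print(f"{verdict:17s} {rel}")
```

Note why the check compares against the vendor’s published hashes rather than only verifying the file’s digital signature: the tampered Orion DLL carried a valid SolarWinds signature, so a signature check alone passes it. A published bad-hash list only catches builds that responders have already identified, which is why the script also flags any file whose hash differs from the vendor manifest, even when nobody has published it as malicious yet.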

On 8 Dec 2020, FireEye officially announced its own breach, and on 13 Dec it published its analysis of the tampered SolarWinds update. (The Google outage of 14 Dec is unrelated: Google attributed it to an internal storage quota problem in its authentication systems, not to an attack.)

The scary part is that this has been going on since March 2020.

In Mandia’s words, “the attacker primarily sought information related to certain government customers. While the attacker was able to access some of our internal systems, …” The attackers have had a foothold inside affected networks since March 2020, although what they actually reached differs from victim to victim and is still being worked out.

US officials and media reports have attributed the attack to Russia, but no public proof has been released to date.

Here I have linked the articles and the Official statement from FireEye.

Originally published at https://www.bloombisect.com on December 22, 2020.


Mukul Wadhokar

Mechanical Engineer by Profession | Arduino enthusiast | DIY'er | www.bloombisect.com