Sunburst: The SolarWinds Hack, How You Could be Affected, and How Keysight Can Help

Posted on 05/01/2021

IMPACT


On December 13th, CISA issued directive 21-01, notifying all customers of SolarWinds that a breach had been detected in the company's software supply chain. Using a variety of tactics, nation-state hackers compromised the digital supply chain of SolarWinds' software development and implanted a backdoor into their security event monitoring software. This backdoor has impacted at least 18,000 potential customers of SolarWinds, and will be a headache to remove and remediate during this holiday period. Many in the industry have already done fantastic detailed writeups, including Microsoft, FireEye, and Volexity. Without a doubt, more information will be coming in the next few months.


KEYSIGHT HAS YOU COVERED TODAY


Simulation


Our leading cyber security solutions, BreakingPoint and Threat Simulator, are introducing new content this week designed to test your security controls' capability to detect Sunburst activity on your network. FireEye released a set of IDS detection rules for Sunburst in Snort format on GitHub, and using these along with reverse engineering, we've created traffic flows that simulate the same command and control traffic as seen by them and others. We are also releasing network traffic flows that download the same dangerous binaries highlighted in this week's news, designed to test network-based malware detection systems. In all, we are adding 15 new command and control test audits and 6 new malware downloads to both products.

Detection


Are you struggling to find out if SolarWinds' products are deployed in your environment? While software inventory management solutions provide excellent insight into what is installed on a host, sometimes they are unavailable or deployed incorrectly. Keysight's AppStack provides excellent coverage for over 1000 known network applications, which currently include SolarWinds' Network Performance Monitor (NPM) and Server and Application Monitor (SAM), both of which are part of the Orion platform. In the next release, we will include more elements of the Orion platform, including the Network Configuration Manager (NCM). These AppStack signatures will help you identify any installations of SolarWinds you might have missed, whether due to shadow IT or misconfiguration, or because you need an additional layer of verification.

THAT'S NOT ALL


As Mike talked about earlier this month, we already have the Red Team toolkit available for testing in both platforms. We've started down the path of endpoint testing, first with NJRat, then Trickbot, and now we're working on Sunburst. Expect more as we dig into our own discoveries regarding this attack and keep up with the research from our peers.

Keysight Technologies Inc. (NYSE: KEYS) is the world's leading electronic measurement company, transforming today's measurement experience through innovations in wireless, modular, and software solutions. With its Hewlett-Packard and Agilent legacy, Keysight delivers solutions in wireless communications, aerospace and defense and semiconductor markets with world-class platforms, software and consistent measurement science. The company's nearly 12,600 employees serve customers in more than 100 countries.
