The SolarWinds Hack Explained | Cybersecurity Advice

119,986 views

CBT Nuggets

3 years ago

You’ve probably heard about the latest major cyber attack, hitting organizations through a malicious code injection in a SolarWinds product. There’s a lot to it. Thankfully, CBT Nuggets trainer Keith Barker (@KeithBarker) is here to break down some of the details -- how it happened, how the perpetrators did it, and what can be done to prevent incidents like this from happening again.
Check out a detailed explanation of the SolarWinds Advanced Persistent Threat (APT) attack and other intrusion tactics on our blog: blog.cbt.gg/t9p
Not a CBT Nuggets subscriber? Start your free week: cbt.gg/2I5NxY1
-----------------
FireEye, one of the world’s leading cybersecurity firms, announced on December 8th, 2020, that state-sponsored hackers had broken into their systems and stolen their penetration testing tools. This was the first discovery of the sweeping cyberattack, delivered by malware they call “SUNBURST.” FireEye also discovered that they weren’t alone -- SolarWinds’ Orion update servers had been corrupted and weaponized by the very same hackers, affecting 18,000+ private and government organizations, going back to Spring of 2020.
At this point, no one can be certain how many customers this has affected, but this was easily one of the biggest cyberattacks of the decade. This massive breach impacts critical U.S. government agencies, including the Departments of State, Homeland Security, Energy, Treasury, and Commerce, the Pentagon, and the National Institutes of Health.
International technology companies in the private sector weren’t spared either, as Cisco, Intel, Nvidia, Belkin, and VMware were all targeted as well.
-----------------
Connect with CBT Nuggets for the latest in IT training:
Twitter - / cbtnuggets
Facebook - / cbtnuggets
Instagram - / cbtnuggets
LinkedIn - / cbt-nuggets
#solarwinds #cybersecurity #cyberattack

Comments: 187
@jermainemarshall6819 3 years ago
Keith Barker demystifying IT with CBT Nuggets since 2012. Best video on KZfaq about the SolarWinds attack.
@arunkaruppiah3543 3 years ago
Thanks, Instructor Barker, for explaining the SolarWinds hack in a simplified way for a layman to understand. Understood the term supply chain attack much more clearly from your video. Thank you once again :)
@SOSO-oz4wc 2 years ago
Best video on the subject, really clear and precise. Nice for someone to start on this topic.
@zzKirus 3 years ago
I haven't heard your voice since I was studying for SY0-301... Nice video & thanks for helping me pass that btw lol...
@stungun3009 3 years ago
Same here (: Did my CCNA in 2014 and was going through the course by him; loved the way he presented it.
@patrickbryant1275 2 years ago
@@stungun3009 It's great I decided to read the comments then. I'm only 15, but I was hoping to get the certs for being in IT or otherwise.
@Dwg256 2 years ago
435
@moorthyy27 2 years ago
I am your student. I learned Check Point and F5 from your videos; they greatly improved my productivity. Thanks.
@TheAmitGill 3 years ago
Always a pleasure to listen to Keith
@robertwolfe8530 3 years ago
Keith is the best at teaching anything IT related, hands down
@bustsomecaps 3 years ago
Great explanation! You're my fav teacher on CBT, always so cheery, I dig it :)
@sanjapetricmilosevic6709 3 years ago
As always, the one and awesome @Keith Barker
@watertheirsouls 3 years ago
Thanks Keith! You just saved me hours of research!💞
@user.netizen11 3 years ago
Big fan of yours, sir! Recommendations on passwords were helpful.
@PradeepMJayaratne 3 years ago
Awesome summary of what you explain at the end of your video. Thank you so much!
@davidbohland5079 3 years ago
Love it. Great video, awesomely put together.
@LAP1050 3 years ago
Very informative, in clear, understandable detail. Thanks for sharing, just subscribed...
@MarekAndreansky 3 years ago
Good explanation. The tips at the end are a bit odd, as they are aimed at general users while you were explaining a supply chain attack, where this should not help you as the user. Still good to keep repeating though.
@networking4all842 3 years ago
I agree.
@ChristoffelTensors 3 years ago
He is saying this because likely an individual's password security was the cause of the supply chain infiltration.
@hanidarwisha2518 3 years ago
Thanks for the info, nice video, good job man
@naeem8434 3 years ago
Amazing video sir, you explain in a very simple way.
@ebhole 3 years ago
Keith Barker. The GOD of IT. Greatest of All Time. With an unmistakable voice
@stevenspringer2316 3 years ago
I wouldn't call him GOD, but he is the BEST IT trainer in the world.
@craigshreve9868 3 years ago
Thank you for the info!
@dalarmekerdichi6333 1 year ago
Hi Keith, can you share a link to a video or documents where I can learn SolarWinds ARM (Access Rights Manager), please? Thanks in advance
@Enolram 3 years ago
2021 and this dude is still an IT rockstar!
@joeyhacker6663 3 years ago
Good explanation Keith. Nice production as well. Zscaler approved! :-)
@majiddehbi9186 3 years ago
Thx Keith, I've been asking this question everywhere and no one gave me a response, not even a simple one. Thx friend
@thomasmrozovich7631 3 years ago
I have a koozie, "I drink because your password is password." I'm going to have to make a new one, "I drink because your password is solarwinds123."
@eraser9812 3 years ago
Your channel really should be getting more views than it is....... Guys, for real, share this shiz around and let's get this dude some more views...
@aslakmal6913 3 years ago
Thanks for the nice explanation
@senk0than 3 years ago
This is why privileged account management becomes the top priority for CISOs
@freshgino 3 years ago
Bro you're awesome... I wish I knew earlier that you were on YouTube too
@mauermeit-2565 1 year ago
Hey Keith, I'd also add to your recommendations: clicking on buttons or links through seemingly recognizable icons, even the time at which the website is displayed. All these things can be decorated, and sincerely, cybersecurity is the nearest subject we can personify as Pandora's box.
@balluvaranasi 3 years ago
Great video ☺️
@karanb2067 3 years ago
The hackers played smart... their malware was dormant for some time even after they got it in, for AV evasion.
@tactics6659 3 years ago
Hey, what if I attain my CCNA, CCNP, CCIE (Security) in one year, 2021? Sounds good
@weebywo6501 3 years ago
Short and crisp!!
@cybertalkswithali 3 years ago
Hello, can I get some reference links for how they compromised the update server?
@markcapestro5390 3 years ago
Great video
@charlybravo 3 years ago
Breve y Conciso (in my mother language it means Short & Concise).
@repairstudio4940 7 months ago
I use Solar PuTTY and wondered if perhaps it too was compromised.... Liked and Subbed. 🎉
@basictech8337 3 years ago
Thank U
@sumbru 3 years ago
A password manager is a bad solution. If someone gets access to your password manager, they can steal all your saved passwords. Also, people tend to set weak passwords for password managers, believing that now that they keep passwords in a manager, they are safe.
@arunkaruppiah3543 3 years ago
Perhaps you can set a passphrase as the master password for your password manager.
@user-ly2xe8hh4g 5 months ago
3 YEARS AGO TODAY HOMELAND SECURITY
@bigjohn697791 3 years ago
Did they patch this issue? (I know a UK defence research company that was using this, no names, back in 2016; don't know if they jumped to another vendor, as there was talk back in 2016. Let's hope so!)
@petek2316 3 years ago
We have outsourced all aspects of software development for decades now, because US-based programmers are expensive. Well, quite frequently you get what you paid for: cheap labor gets you crappy software. Once in a while you get security breaches, just like the SolarWinds one, whose software was developed in countries that used to be part of the Eastern Bloc, places where Russians have a large presence. It's like begging to be hacked. Will we ever learn?
@bkaley8974 3 years ago
And... Always wear a mask when installing software updates.
@smmstech 3 years ago
Awesome
@neuro5261 2 months ago
I think what would have helped the most is having some dependency scanning or SAST/DAST in their CI/CD pipeline
@norrinradd8923 2 years ago
Wow 2:53
@AhTu1306 3 years ago
A zero-day attack?
@Remador4ever 3 years ago
Well explained Keith. Thanks for the explanation!
@n-0-1 2 years ago
Expecting some sophisticated method of attack to gain privileges, I was disappointed after finding out that they likely just dictionary-attacked SolarWinds 😂
@elliottgarcia1640 3 years ago
What can you do if you did download apps from untrusted
@mattbiz7910 2 years ago
Some of these supply chain/3rd-party companies are too big. To rely on and "hope" for their security when they have so much access to your network is a little crazy.
@royalistparty8380 3 years ago
Security Advisory: (Updated 12/24/20) SolarWinds asks ALL ORION PLATFORM CUSTOMERS to update their Orion Platform software as soon as possible to help ensure the security of your environment. More information is available in our Security Advisory and FAQ pages.
@dannysnipes4315 3 years ago
SECTION 2: Firewall Torture
@dionokdie4234 1 year ago
ETHICAL HACKER A.K.A BATMAN 👑
@aatifrehman4150 3 years ago
So are these attackers very advanced or not so very advanced? The suspect pool just increased exponentially
@kso35 2 years ago
Where can I purchase the shirt??
@user-ly2xe8hh4g 5 months ago
BATMAN 👑
@danielphaley6607 3 years ago
Great.... the black bug is still crawling along your bed line...!
@davissp14 3 years ago
No engineer worth their salt would store credentials in source control...
@UrbanGuitarLegend 2 years ago
You would if you are using a tool like Ansible or Puppet to deploy code, but then it should be encrypted.
@UrbanGuitarLegend 2 years ago
An example would be AWS access keys that you are keeping updated with Puppet or Ansible. But also I guess there are better solutions from AWS so you don't have to use access keys, such as having a role that you assign to an EC2 instance. Then you don't have to use access keys on the server. The role has the permissions, and roles can be applied to an EC2 instance. Any code running on the instance then has the permissions that are assigned to the role.
@davissp14 2 years ago
@@UrbanGuitarLegend Yes, as long as it's encrypted it's mostly fine... I think generally the preferred approach would be integrating with Vault or something similar.
@robertp178 3 years ago
It's crazy how many people fall for these tricks even though we hear the same warnings all the time. That shows you that hackers are getting more sophisticated every day. #StayFrosty
@suutari13 2 years ago
Using too popular tools is a big security risk
@jacquelinenjeremiahcliff8440 3 years ago
Spooky stuff.
@adrianhdragon718 3 years ago
Interesting Name. Dunno much about Computers....yet...but one THING I DO KNOW.....The SUN is the HARDEST HARDWARE in our SOLAR SYSTEM...But is it the SOFTWARE as well or is it PLUTO ???
@thesouthpole3915 3 years ago
They couldn't just modify update files on the FTP server, as the malicious update was signed. I suspect compromise of a code repository.
@123avneesh 3 years ago
I'm so paranoid right now that I'm using email inside a VM.
@ThatBigGuyAl 3 years ago
Lol don't lie
@DionOkdie-pt2ve 1 month ago
#DMOBILE
@user-POPE 3 months ago
DECEMBER 18... #HOMELANDSECURITYSUX
@loretbiget784 1 year ago
Be careful about China.
@user-ly2xe8hh4g 5 months ago
Why??? BATMAN 👑
@richardshane456 3 years ago
Only one way to ensure cyber security after a compromise: remove all systems from the net, which includes all wireless access points; reboot all systems; reload all systems with verifiable, known clean, virgin software and firmware. After the reboot and reload, an assessment of the system integrity must be evaluated before going live online. Basically you've given up your whole infrastructure of systems, and cyber security, and networking, with a plausible corruption or intrusion by unknown forces... Now your infrastructure that has been compromised will become a state of national untrustworthiness of hardware and software, never to be trusted again! Boom, there goes your infrastructure of computing systems! 💥
@XRinger 3 years ago
A few questions: Are there many SolarWinds Orion users in Russia? Who are they? If there are some users in Russia, why would an enemy of America use American network management software?
@SteveGillham 3 years ago
SolarWinds Orion is used by over 300,000 customers across the globe; some of those will probably be in Russia. Many companies use software or hardware made in what you call "enemy" countries; this is because we live in a global economy and that is what drives the usage. Around 85% of Russian desktop systems run on a Microsoft operating system. gs.statcounter.com/os-market-share/desktop/russian-federation Total OS usage: gs.statcounter.com/os-market-share/all/russian-federation
@sanjumc27 3 years ago
Our company is not using SolarWinds products
@sonfakipo4953 3 years ago
I hope this comment has gotten to you, and I'd like to thank you for sharing ☺️
@dionokdie4234 1 year ago
#HOMELANDSECURITYSUX DECEMBER 18th is MY DAY😁👑
@esra_erimez 3 years ago
Keith, I remember watching one of your videos and your future son-in-law had called you to ask for your daughter's hand in marriage.
@dionokdie9396 1 year ago
December 18th My BIRTHDAY WI$H... TO CATCH THESE HACKER$!!! BATMAN 👑 1987
@Vikbytes 3 years ago
I still need to understand: when the malware was downloading, what was the anti-virus doing?
@SteveGillham 3 years ago
This is not your typical malware; this was very stealthy and was not known by any AV products, so it would not be detected. A number of things made the attackers' code stealthy. It was signed with valid certs. It laid dormant for 12-14 days before activating. It would also check what security tools were being run and would not run its main code if it detected certain EDR software running. It would check to see if the target device was a device with malware investigation tools installed, and again would not run. Its C&C used steganography techniques to hide its commands inside its traffic. So, it's not your typical malware.
@Vikbytes 3 years ago
@@SteveGillham ok 👍
@nikquosthoni4270 3 years ago
@@SteveGillham excellent explanation amigo :-) gracias
@Jdeneik 3 years ago
Every top person in management at SolarWinds (Orion) should be fired
@StevenAkinyemi 3 years ago
Why?
@magicflute5947 3 years ago
Hi Keith, it sounds like SolarWinds is a pure victim. How about Dominion? Thanks.
@SteveGillham 3 years ago
There was nothing wrong with Dominion software; that was all just false claims. Conspiracy theorists are attempting to link a large-scale hack of U.S. federal agencies to debunked claims of widespread voter fraud. www.dominionvoting.com/latest-news-dominion-statement-on-dhs-advisory-regarding-solarwinds-orion-platform/
@jordanheaver6286 3 years ago
@@SteveGillham lool Dominion have been caught lying, wouldn't trust that
@SteveGillham 3 years ago
@@jordanheaver6286 And your comment just shows how easily you have been caught up in the conspiracy theory. It's already been proven, not just by Dominion, that they never used SolarWinds Orion and the photoshopped screenshot was being used to prop up the Trump fraud conspiracy. Still, you believe what you wish as you are not willing to accept the facts.
@jordanheaver6286 3 years ago
@@SteveGillham You realise after they removed it, they forgot to remove it from the source code. Do your own research
@SteveGillham 3 years ago
@@jordanheaver6286 What are you talking about? You are not making any sense at all. Please explain your comment "they forgot to remove it from the source code"
@dionokdie4234 1 year ago
#CELLPHONESKILL
@alinamarva3225 3 years ago
H Love that
@indridcold2872 1 year ago
Orion is not a set of tools but a platform. Do your homework before making a claim.
@luiggimondoli 3 years ago
I don't buy it. With something as basic as wrong-password lockout, nowadays it's impossible to guess a password. It must be an inside job.
@chromecast4408 3 years ago
It is not impossible to guess a password. Hackers can do sophisticated things, and if you don't understand what they can do then don't deny the fact they can do it.
@luiggimondoli 3 years ago
@@chromecast4408 At work, if I enter the wrong password 5 times I get locked out of the network and I need the administrator to reset it. Do you mean hackers can bypass that?
@stacin821 3 years ago
solarwinds123 huh? Oops 😬
@stacin821 3 years ago
@Bobby Tawil I would have got it on the 2nd try then 😂 & I'm a business analyst IT person, not security
@DIonOkdie-pf6wk 1 year ago
#HOMELANDSECURITYSUX
@SniperWolf2024 3 years ago
Yes we all do matter, because God created the laws that quantum physics obeys, and without those fundamentals we cannot exist. So we all have a greater purpose, like a super computer. It was created to solve problems!
@jordanheaver6286 3 years ago
Dominion comes to mind....
@SteveGillham 3 years ago
Dominion does use SolarWinds software; however, Dominion did not use the SolarWinds Orion product which was compromised, so it was unaffected by this issue.
@suryakant6357 3 years ago
@@SteveGillham where are you from? (as you know too much)
@SteveGillham 3 years ago
@@suryakant6357 I do a lot of deep research into these types of things; it's part of my job.
@SteveGillham 3 years ago
@@suryakant6357 UK
@suryakant6357 3 years ago
@@SteveGillham Are you a hacker or do you work for something like WikiLeaks?
@coloneldoctor4500 3 years ago
Very well funded and highly skilled... Israel comes to mind. Just sayin'.
@anamikamajumder2330 3 years ago
instahaxor works, every other program is fake.
@user-ln6bq1gc9t 3 years ago
Have you seen Indiana Jones and the Crystal Skull = what will happen to you when you evolve enough to see it
@dnxsol 3 years ago
Lots of waffle about nothing in-depth.. clickbait
@ttlhoang8837 3 years ago
Thought that you could do better than this on the topic! Very sad, Keith
@homomorphic 3 years ago
This is absolutely incorrect. The attack was far deeper than a mere compromise of the update server; the actual build system where the SolarWinds.Orion.Core.BusinessLayer.dll was compiled and linked was owned. The attackers simply built the malicious code into the actual binary; thus there was actually no need to compromise the update server at all, because the file being updated was the actual official binary from SolarWinds. SolarWinds is negligent, as they should have built the entire product on an isolated (non-internet-connected) network, and should have audited every component that was installed on that isolated network.
@user-ln6bq1gc9t 3 years ago
I know you are new to the net so ..A HELL
@pkz001 3 years ago
Appreciate the information, but your jolly explanation is really not able to get into the seriousness of the hack of the decade.
@shager350z 3 years ago
Ever watch Game of Thrones, read Sun Tzu's Art of War.......................
@greob 3 years ago
This would not have happened with open-source software.
@SteveGillham 3 years ago
This could very easily happen to open source.
@pinkipromise 3 years ago
woof woof
@mridulranjan1069 1 month ago
Useless
@suhasdalvi4594 3 years ago
You are still at 30,000 feet, mate, and hardly managed to explain it at a granular level. The recommendations are useless and not foolproof.
@pepeshopping 3 years ago
Ha! "Don't download files from unknown sources". Riiiight, because this very hack came from "unknown" sources, eh? Wrong advice; better to say to keep a trusted and PROVEN anti-malware up to date, and have an IPS (intrusion prevention system) watching 100% of your traffic.
@SteveGillham 3 years ago
This would not have helped either. No AV knew about this malware and it was very stealthy, so it would be hard to detect. And because it was using steganography in the usage data, the IPS would be less likely to detect the C&C traffic.