In December 2020, news broke of a massive cyberattack that compromised multiple US federal agencies, including the Department of Homeland Security, the Department of State, and the Treasury Department. The attack was later linked to the SolarWinds Orion software, which had been compromised by state-sponsored hackers. As investigations into the attack continue, it has become clear that the attackers were highly skilled and sophisticated, and had been working on the breach for many months.
One of the key players in the investigation of the SolarWinds breach has been The Record, a cybersecurity news site that has been closely following the developments of the attack. Secureworks, a leading cybersecurity company, has also played a significant role in investigating the SolarWinds breach and providing insights into the attack. In this article, we will explore the roles that The Record and Secureworks have played in uncovering the SolarWinds breach, as well as the broader implications of the attack for cybersecurity.
The Record’s Coverage of the SolarWinds Breach
The Record has been closely covering the SolarWinds breach since news of the attack first broke in December 2020. The site has provided extensive coverage of the attack, including detailed analyses of the technical aspects of the breach, as well as broader commentary on the implications of the attack for cybersecurity.
One of the key insights that The Record has provided into the SolarWinds breach is the role of a second malware strain, known as “Sunburst”. While the SolarWinds Orion software was the initial point of entry for the attackers, it was the Sunburst malware that allowed them to move laterally through compromised networks and to steal sensitive data. According to The Record, the Sunburst malware was specifically designed to avoid detection, using a variety of techniques to hide its presence on compromised systems.
In addition to providing detailed technical analysis of the SolarWinds breach, The Record has also been closely following the response of governments and companies to the attack. The site has provided updates on the latest developments in the investigation, as well as commentary on the broader implications of the attack for cybersecurity and international relations.
Secureworks’ Investigation of the SolarWinds Breach
Secureworks has also been closely involved in investigating the SolarWinds breach, using its advanced threat intelligence capabilities to uncover key details about the attack. One of the key contributions that Secureworks has made to the investigation is its analysis of the tactics, techniques, and procedures (TTPs) used by the attackers.
According to Secureworks, the SolarWinds attackers used a variety of sophisticated techniques to evade detection and maintain persistence on compromised networks. These techniques included the use of custom malware, the exploitation of known vulnerabilities, and the use of legitimate tools and credentials to move laterally through networks. In addition, Secureworks has identified specific TTPs that are linked to the attackers, providing important clues for further investigation.
Implications for Cybersecurity
The SolarWinds breach has significant implications for cybersecurity, both in terms of the specific vulnerabilities that were exploited and the broader geopolitical context of the attack. One of the key lessons from the breach is the importance of supply chain security, which refers to the security of the software and hardware components that make up complex technology systems. In the SolarWinds case, the attackers were able to compromise the Orion software by infiltrating the company’s software supply chain, highlighting the need for greater vigilance in this area.
Another important lesson from the SolarWinds breach is the need for greater collaboration between private companies, government agencies, and cybersecurity experts. The attack was only uncovered because of the efforts of a range of different organizations, including The Record and Secureworks, which highlights the importance of sharing threat intelligence and working together to address cybersecurity threats.
Finally, the SolarWinds breach underscores the growing importance of cybersecurity in global