https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Events
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Events
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
  • IWCE
    • Back
    • Conference
    • WHY ATTEND
    • Exhibitor Listings
    • Floor Plan
    • Exhibiting Information
    • Registration Opens April 2019-Join Our Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Cybersecurity


Partner content

Hiding in plain sight: What the SolarWinds attack revealed about efficacy

Hiding in plain sight: What the SolarWinds attack revealed about efficacy

  • Written by Pieter Danhieux / Dark Reading
  • 22nd February 2021

If ever there was something to ruin Christmas in the cybersecurity industry, it’s a devastating data breach that is on track to becoming the largest cyberespionage event affecting the US government on record.

The SolarWinds attack is far reaching, with threat actors having initially breached the software as early as mid-2019. This months-long heist was discovered in December 2020 after the scheme was used to infiltrate prominent cybersecurity firm, FireEye, and the nightmare unraveled from there. The full scope of the breach is still being investigated, but key areas of infiltration include US Departments of State, Homeland Security, Commerce, and the Treasury, in addition to the National Institutes of Health.

This incident is going to have ongoing aftershocks, but the sheer sophistication of it is fascinating. At a technical level, it is a multilayered infiltration involving custom malicious tooling, backdoors, and cloaked code, far beyond the skill of script kiddies we so often see exploiting more obvious errors.

Code Laundering at Its Best Worst
CrowdStrike has done more of their genius work in reverse-engineering the exploit, and detailing the findings for all to see. It has now come to light that SolarWinds was the victim of an infrastructure breach, allowing malicious code injection into system updates, resulting in at least four separate malware tools opening up unprecedented access for the threat actors.

The method was covert, allowing for a strategic precision that seems straight out of a Jason Bourne novel. It bought time to sniff around, plan, and strike victims outside of the SolarWinds network exactly when they wanted, in a comprehensive supply chain attack. And it was all carried out with code that looked completely benign.

Cyberattacks are often the result of simple, yet costly, errors. Once discovered, the mistakes are fairly obvious; think a poorly configured network, passwords stored in plaintext, or unpatched software that sits vulnerable to known exploits. In this case, the code didn’t stand out at all, and not just to developers and security engineers. A wide myriad of expensive, complex security technology failed to detect it too.

Tools Rendered Virtually Useless
Security professionals are aided in their quest to safeguard enormous amounts of company data, software, and infrastructure, by a technology stack that is customized to the security needs of the business. This usually takes the form of components like network firewalls, automated penetration testing, monitoring and scanning tools, with the latter soaking up a lot of time in the software development process. This tooling can quickly spiral and become unruly to manage and execute, with many companies using upward of 300 different products and services.

To read the complete article, visit Dark Reading.

 

Tags: Alerting Systems Analytics Applications Artificial Intelligence Companies Critical Infrastructure Cybersecurity DHS Enterprise Federal Government/Military Incident Command/Situational Awareness News Policy Public Safety Security Software State & Local Government System Operation Test & Measurement Tracking, Monitoring & Control Training Partner content

Related


  • AT&T says FirstNet Band 14 buildout more than 90% done, adoption tops 2 million connections
    AT&T has completed more than 90% of the buildout of its contracted FirstNet coverage using 700 MHz Band 14 spectrum “well ahead of schedule,” and the nationwide public-safety broadband network (NPSBN) supports more than 2 million connection, the carrier giant announced today. AT&T added almost 100,000 square miles of coverage to its network during 2020, […]
  • Ransomware? Let's call it what it really is: extortionware
    Just as the targets of these attacks have shifted from individuals to corporations, so too has the narrow focus given way to applying force and pressure to pay. No one needs reminding that ransomware has reached incredible proportions; one widely reported statistic from Purplesec suggests that $20 billion was paid out in 2020. That’s almost double its […]
  • Artificial cities could pave the way to driverless adoption
    Connected and autonomous vehicles (CAVs) have a future. That is without doubt but there is still a need to ensure that they will be safe on our highways and to ease the public’s safety concerns to increase their adoption over the next few years. CAVs need to be able to react to unforeseen events – […]
  • Anterix inks $50 million deal with San Diego Gas & Electric to support 900 MHz private LTE system
    Anterix this week announced a $50 million deal with San Diego Gas & Electric (SDG&E) that will result in the utility becoming the license holder for 900 MHz broadband spectrum that will be used to support a private LTE network that will support smart-grid and wildfire-mitigation initiatives. For Anterix, the SDG&E contract is the company’s […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • FCC initiates proceeding, strike force to halt 911 fee diversion
  • The benefits and challenges of IT-OT convergence
  • Big business doesn't trust telcos with 5G, says new research
  • Newscan: Tyler Technologies to buy NIC in $2.3 billion market-shaking deal

Commentary


Ransomware? Let’s call it what it really is: extortionware

21st February 2021

Redefining communications for today’s mobile workforces

18th February 2021

Hi-tech sewer can help safeguard public health, environment and economies

18th February 2021
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

The era of converged network infrastructure has officially begun dlvr.it/Rtmq62

2nd March 2021
UrgentComm

Biden to follow through on Trump-era China tech ban dlvr.it/Rtmlgt

2nd March 2021
UrgentComm

Hytera, Motorola Solutions DMR royalty dispute to be decided by federal judge dlvr.it/Rthqp3

1st March 2021
UrgentComm

Using data to improve emergency response resources in healthcare arena dlvr.it/RtYfFJ

26th February 2021
UrgentComm

3 security flaws in devices and IoT that need fixing dlvr.it/RtYRxm

26th February 2021
UrgentComm

Newscan: America’s creaky payment infrastructure is showing cracks dlvr.it/RtTzBD

25th February 2021
UrgentComm

California PD: ‘Game-changing’ Live911 streaming of emergency calls accelerates responses dlvr.it/RtPgXS

24th February 2021
UrgentComm

Why Tuscon is building its own 4G network dlvr.it/RtPDG5

24th February 2021

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • Microwave/RF
  • T&D World
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X