iHash

News and How to's
Cisco Secure Workload Immediate Actions in Response to “SUNBURST” Trojan and Backdoor

Jan 17, 2021 by iHash Leave a Comment


Background

The SUNBURST trojan and backdoor, so named by FireEye researchers, recently compromised multiple U.S. Government systems and highlights the complexity and interconnectedness of the modern enterprise IT environment as a security weakness. Recent reporting makes clear that the adversary took advantage of software complexity to deliver a highly refined supply-chain attack affecting thousands of organizations. Even with many top-tier security controls in place, the attack went unobserved for months.

This blog is not here to tell you that deploying one product finishes the job and you never need to worry about this class of threat again. It will never be that easy. Building an enterprise software architecture with defense-in-depth baked in through multiple layers of fortification, including lateral movement control and least privilege, is, on the other hand, a proven, repeatable, realistic, and implementable strategy.

In these attacks there is always a chain of events, and the goal is to cut at least one of those links to protect your organization. Apply least privilege and zero trust segmentation controls to break as many links as possible in your application environment. The trick is to do this without bringing any services down, requiring infrastructure changes, or frustrating application owners.

We will define actionable zero trust segmentation controls that can be applied with Cisco Secure Workload, with immediate effect, to protect your enterprise from the SUNBURST trojan and backdoor. We will also present advice on zero trust segmentation and least privilege models to protect you on an ongoing basis, because applying restrictions only to SolarWinds machines and their communication is not enough. If the environment has already been exploited, the adversary has likely moved laterally, and the problem is then not only what SolarWinds can or cannot talk to, but how all application workloads communicate.

In your own environment, run a thought experiment: count the possible ‘hops’ from a management or monitoring tool like SolarWinds Orion to a monitored workload, and from there to your most critical data. Chances are that, without proper lateral movement control, the number will be uncomfortably low. Use Cisco Secure Workload to raise it.
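The hop-count thought experiment can be run mechanically over the flows you already observe. The script below is an added example written for this post, not Cisco code; the host names and flow records in it are constructed, and in practice the flow list would come from whatever telemetry your workload agents export. It computes the shortest path (in hops) from a monitoring poller to a database, then checks which single flow, if denied, raises that count the most.

```python
"""Added example (not from the original post or Cisco): a 'hop count' analysis
over a constructed flow graph, showing how a segmentation rule raises the number
of hops between a management tool and critical data.  All host names and flows
are constructed for illustration."""
from collections import deque

# Constructed observed flows: (source, destination, dst_port).
OBSERVED_FLOWS = [
    ("orion-poller", "web-01", 445),
    ("orion-poller", "app-01", 5985),
    ("orion-poller", "db-01", 1433),     # poller talks to the DB directly
    ("web-01", "app-01", 8443),
    ("app-01", "db-01", 1433),
    ("jump-01", "app-01", 3389),
    ("app-01", "orion-poller", 17778),   # agent reports back to the poller
]


def build_graph(flows, deny=()):
    """Adjacency map of directed edges that are still allowed.
    `deny` is a set of (src, dst, port) triples blocked by a segmentation rule."""
    graph = {}
    for src, dst, port in flows:
        graph.setdefault(src, set())
        graph.setdefault(dst, set())
        if (src, dst, port) not in deny:
            graph[src].add(dst)
    return graph


def hops(graph, start, target):
    """Shortest path length in hops (BFS); None if target is unreachable."""
    seen = {start}
    queue = deque([(start, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == target:
            return dist
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None


def best_single_cut(flows, start, target):
    """Which single flow, if denied, raises the hop count the most?
    Returns (flow, new_hop_count); new_hop_count is None when the target
    becomes unreachable, which is the ideal outcome for a compromised poller."""
    best = None
    for flow in flows:
        h = hops(build_graph(flows, deny={flow}), start, target)
        score = float("inf") if h is None else h
        if best is None or score > best[1]:
            best = (flow, score)
    flow, score = best
    return flow, (None if score == float("inf") else score)


if __name__ == "__main__":
    g = build_graph(OBSERVED_FLOWS)
    print("hops orion-poller -> db-01 (no segmentation):",
          hops(g, "orion-poller", "db-01"))
    print("most effective single deny:",
          best_single_cut(OBSERVED_FLOWS, "orion-poller", "db-01"))
    everything_from_poller = {f for f in OBSERVED_FLOWS if f[0] == "orion-poller"}
    print("hops after denying all poller egress:",
          hops(build_graph(OBSERVED_FLOWS, deny=everything_from_poller),
               "orion-poller", "db-01"))
```

With the constructed data the poller is one hop from the database; denying its direct database flow only pushes the path through the application tier (two hops), and the target becomes unreachable only when all poller egress is denied, which is the zero-privilege posture the next section recommends for identified Orion assets.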

Cisco Secure Workload Recommendations

In line with Cisco Talos recommendations, all organizations that use the SolarWinds Orion IT monitoring and management software are urged to follow the guidance from DHS and CISA along with the related guidance from SolarWinds to further secure these environments.

As highlighted above, initial steps involve:

  1. Identification of compromised/affected assets
  2. Applying primary mitigations including restricting network traffic to least privilege

Cisco Secure Workload directly supports both initial steps: it assists in identifying compromised assets and applies network restrictions that control traffic through central automation of distributed firewalls at the workload level. This approach means a consistent firewall policy can be applied quickly to control inbound and outbound traffic at each workload, without re-architecting the network or modifying IP addressing, and it is compatible with any on-premises infrastructure or public cloud provider.

Identification of Compromised Assets

Cisco Secure Workload can identify compromised assets via three methods:

  1. Presence of installed package
  2. Presence of running process (either name or hash)
  3. Presence of loaded libraries (DLLs)

As operator, you may choose to identify assets based on one or more of these indicators. Each indicator covers a different gap: a package check finds installs whose service is stopped, while a process or DLL hash still matches a binary that has been renamed. Cisco Secure Workload dynamically computes the list of all assets that meet the defined criteria and refreshes it every 60 seconds to account for changes in your environment.

Fig 1 – identifying workloads with affected SolarWinds processes based on published process hash signatures

Fig 2 – Identifying workloads with affected SolarWinds processes based on published DLL hash signatures

Fig 3 – Identifying workloads with affected SolarWinds package installed, regardless of whether it is running in memory or not
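To make the three identification methods concrete, the following added example (written for this post, not Secure Workload's own code) evaluates them against a constructed inventory snapshot. The package name, process name and hashes in it are placeholders derived from throwaway strings, not published SUNBURST indicators; substitute the hashes from your vendor or CERT advisory. It returns the dynamic set of affected assets under an "any indicator" or "all indicators" rule and shows how the set changes between two refreshes.

```python
"""Added example (not Cisco Secure Workload code): the three asset-identification
methods from the text (installed package, running process name/hash, loaded DLL
hash) applied to a constructed host inventory.  All hashes are placeholders
generated from throwaway strings, not real SUNBURST indicators."""
import hashlib


def placeholder_hash(label):
    """Deterministic stand-in for a real SHA-256 of a file or process image."""
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed indicator set (in practice: the published IOC list).
IOC = {
    "packages": {"SolarWinds Orion Platform"},
    "process_names": {"SolarWinds.BusinessLayerHost.exe"},
    "process_hashes": {placeholder_hash("placeholder-process-1")},
    "dll_hashes": {placeholder_hash("placeholder-dll-1")},
}

# Constructed inventory snapshot keyed by hostname.
INVENTORY = {
    "orion-poller": {
        "packages": ["SolarWinds Orion Platform", "Microsoft .NET Framework"],
        "processes": [("SolarWinds.BusinessLayerHost.exe",
                       placeholder_hash("placeholder-process-1"))],
        "dlls": [placeholder_hash("placeholder-dll-1"), placeholder_hash("kernel32")],
    },
    "orion-standby": {            # package installed, service stopped
        "packages": ["SolarWinds Orion Platform"],
        "processes": [("svchost.exe", placeholder_hash("svchost"))],
        "dlls": [placeholder_hash("kernel32")],
    },
    "renamed-binary": {           # binary renamed; its hash still matches
        "packages": [],
        "processes": [("update.exe", placeholder_hash("placeholder-process-1"))],
        "dlls": [],
    },
    "app-01": {"packages": ["nginx"],
               "processes": [("nginx", placeholder_hash("nginx"))], "dlls": []},
}

ALL_INDICATORS = ("package", "process_name", "process_hash", "dll_hash")


def match_host(host, ioc):
    """Return the set of indicator types that fire for one host."""
    hits = set()
    if ioc["packages"] & set(host["packages"]):
        hits.add("package")
    for name, digest in host["processes"]:
        if name in ioc["process_names"]:
            hits.add("process_name")
        if digest in ioc["process_hashes"]:
            hits.add("process_hash")
    if ioc["dll_hashes"] & set(host["dlls"]):
        hits.add("dll_hash")
    return hits


def compute_scope(inventory, ioc, require=ALL_INDICATORS, mode="any"):
    """Dynamic 'affected assets' set: {hostname: sorted list of indicators hit}.
    mode='any': one of the selected indicators suffices (widest net);
    mode='all': every selected indicator must fire (highest confidence)."""
    wanted = set(require)
    scope = {}
    for name, host in inventory.items():
        hits = match_host(host, ioc) & wanted
        matched = bool(hits) if mode == "any" else hits == wanted
        if matched:
            scope[name] = sorted(hits)
    return scope


def diff_scope(previous, current):
    """What changed between two refreshes (the product re-evaluates every 60 s)."""
    return {"added": sorted(set(current) - set(previous)),
            "removed": sorted(set(previous) - set(current))}


if __name__ == "__main__":
    scope = compute_scope(INVENTORY, IOC)
    for host, hits in scope.items():
        print(f"{host}: {', '.join(hits)}")
    print("high-confidence only:", list(compute_scope(INVENTORY, IOC, mode="all")))
```

Note the two hosts that a single-indicator check would miss: `orion-standby` is caught only by the package check because nothing is running, and `renamed-binary` only by the process hash because the name no longer matches. For the initial containment scope, "any" is the safer mode; "all" is useful when you need a smaller, high-confidence set for forensic triage.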

Least Privilege Network Restriction

Once compromised assets have been collated, their network traffic can be restricted under a least privilege model. As operator, you decide how much privilege to grant. In the current situation, it is advisable to grant zero privileges to all identified Orion Platform assets. In the future, as patched versions of Orion are deployed, privileges may be increased slightly, but only to cover the exact communications Orion requires for operation, and nothing more.

Fig 4 – A Cisco Secure Workload policy consists of a dynamic set of sources and destinations, defined here as the workloads detected to have SolarWinds software, and an action, which in this case is to block all network traffic.

Fig 5 – More surgical restrictions on trust can be applied, such as removing access to the internet, users, or critical assets.

Fig 6 – The most secure state is reached when zero trust policies define the expected and allowed communication patterns of an application and block everything else. Communication patterns can be ingested as published by the vendor or, if none are available, discovered through machine learning analysis of historical network traffic performed by Cisco Secure Workload. Discovery from history assumes that history was benign: on an already-compromised host the learned baseline may include the adversary's own communications, so review low-volume or unexpected flows before allowing them rather than accepting the discovered policy wholesale.
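The allowlist-then-block-everything-else model in Fig 6 can be illustrated with a small policy derived from flow history. The example below is added for this post and is not Secure Workload's discovery engine; it replaces the product's analysis with a deliberately crude frequency threshold, and the flow history and group names are constructed. Flows below the threshold are not silently allowed but handed back for review, which is the caveat that matters when the source host may already be compromised.

```python
"""Added example (not Cisco Secure Workload code): derive an allowlist policy for
an application from constructed flow history, then enforce it with a trailing
catch-all deny.  The frequency threshold is a crude stand-in for the product's
traffic analysis; everything here is constructed for illustration."""
from collections import defaultdict

# Constructed 30-day flow history: (src_group, dst_group, dst_port, count).
HISTORY = [
    ("orion", "monitored-servers", 17778, 43200),  # agent traffic, once a minute
    ("orion", "monitored-servers", 161, 43200),    # SNMP polling
    ("orion", "dns", 53, 12000),
    ("orion", "ntp", 123, 1440),
    ("orion", "internet", 443, 2),                 # two flows in 30 days: suspicious
    ("orion", "domain-controllers", 445, 1),       # one SMB flow to a DC: suspicious
]

CATCH_ALL_DENY = {"src": "*", "dst": "*", "port": "*", "action": "DENY"}


def discover_policy(history, min_count=100):
    """Turn flow history into an ordered allowlist followed by a catch-all deny.
    Flows seen fewer than min_count times are NOT auto-allowed; they are returned
    separately so a human decides whether they are legitimate or an intruder's."""
    totals = defaultdict(int)
    for src, dst, port, count in history:
        totals[(src, dst, port)] += count
    rules, review = [], []
    for (src, dst, port), count in sorted(totals.items(), key=lambda kv: -kv[1]):
        record = {"src": src, "dst": dst, "port": port}
        if count >= min_count:
            rules.append({**record, "action": "ALLOW"})
        else:
            review.append({**record, "count": count})
    rules.append(dict(CATCH_ALL_DENY))   # default deny closes the policy
    return rules, review


def evaluate(rules, src, dst, port):
    """First-match evaluation of a single flow against the ordered rule list."""
    for rule in rules:
        if (rule["src"] in ("*", src) and rule["dst"] in ("*", dst)
                and rule["port"] in ("*", port)):
            return rule["action"]
    return "DENY"   # only reached if someone strips the catch-all


if __name__ == "__main__":
    rules, review = discover_policy(HISTORY)
    for rule in rules:
        print(rule)
    print("needs review before allowing:", review)
    for flow in [("orion", "monitored-servers", 161),
                 ("orion", "internet", 443),
                 ("orion", "domain-controllers", 389),
                 ("monitored-servers", "orion", 17778)]:
        print(flow, "->", evaluate(rules, *flow))
```

Two points the output makes: direction is part of the policy (agent-to-poller traffic on 17778 is not allowed just because poller-to-agent traffic was), and the rare internet and domain-controller flows end up in the review list rather than in the allowlist. In a real environment those two lines are exactly where you would look for a beacon or lateral movement before deciding anything.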

In the past we could still conceptualize and wrangle the complexity of our systems, but those days are gone. The complexity of modern infrastructures, and the blind spots it creates, gives adversaries the opportunity to deliver silent and sophisticated threats. For enterprises, the need for more – more agility, more features, more integrations, more value – has left us with an interwoven web of systems so highly connected to each other that the attack surface of any one application becomes the attack surface of all, unless we segment.

The above steps will help protect your organization from the SUNBURST trojan and backdoor, but don't stop there. The most consistent hardening guidance published by government agencies and independent research bodies, reiterated after almost every attack, whether ransomware or supply-chain related, to mitigate the threat, restrict the attacker, and limit propagation, is to apply zero trust segmentation controls. In addition to the many benefits of zero trust segmentation, Cisco Secure offers Cisco SecureX, a cloud-native, built-in platform experience. With the Cisco Secure platform approach you gain greater visibility, faster response, and more efficient security operations. The time to act is now.

Get started with Cisco Secure Workload
