Call a Specialist Today! 877-352-0547
Free Shipping! Free Shipping!

The Latest Check Point News
Product and Solution Information, Press Releases, Announcements

SolarWinds Sunburst Attack: What Do You Need to Know and How Can You Remain Protected
Posted: Wed Dec 16, 2020 01:29:01 PM
 

The world is now facing what seems to be a 5th generation cyber attack – sophisticated, multi vectors attack, potentially carried-out by nation-state actors. Check Point’s finest teams work closely with our customers and different industry leaders to provide the best protections against the SunBurst attack.

What do we know by now

On the week of December 13th , US government offices exposed they were targeted by a series of mega cyber attacks, allegedly related to state-sponsored threat organizations. Those attacks targeted government and technology organizations worldwide. This series of attacks was made possible when hackers were able to embed a backdoor into SolarWinds software updates. Over 18,000 companies and government offices downloaded what seemed to be a regular software update on their computers, but was actually a Trojan horse. By leveraging a common IT practice of software updates, the attackers utilized the backdoor to compromise the organization’s assets, both cloud and on premise, enabling them to spy on the organization and access its data.

Check Point is helping customers stay protected with a free security check up and an incident response hotline engagement

Check Point offers assessment tools that organizations can leverage, at no charge, to identify attacks operating within their environments. These solutions can pinpoint the presence of SunBurst indicators associated with network and endpoint activity. Check Point resources are available to support organizations interesting is leveraging such tools

Schedule your Security Check up now.

Check Point Incident Response Team is available 24x7x365 to deliver security incident handling service. If you believe you were exposed to the solar Wind attack, we are a single hotline phone call away. We will help you contain the threat, minimize its impact, and keep your business running. Contact us now

Check Point Research groups are constantly monitoring the situation

Check Point Research, The intelligence & Research arm of Check Point, further indicated SolarWinds was exploited to craft a sophisticated supply-chain attack

  1. Solarwind’s signing server was breached and used to authenticate the software updates, included the malicious code.
  2. SolarWinds customers who updated their software, automatically and unknowingly also installed the malicious backdoor, literally opening the door to their assets to the malicious actors.
  3. the backdoor communicates with a malicious server owned by the threat actors, sharing some details that might help in identifying the victimized network and organization.
  4. the hackers decide whether or not this organization is of interest, and decide whether to terminate or proceed in the attack.
  5. Apparently, at this stage the threat actors laterally move to other assets – be it assets hosted on premise or on cloud. Interestingly, some publications mention that SolarWinds update is not the sole entry point in this campaign. We are keeping an eye open for what it might be.

From our perspective, after years of conducting cyber threat research, we believe this is one of the most sophisticated and severe attacks seen in the wild.

This is reflected in the attack’s technical complexity, the patience of the threat actors behind crafting this attack end-to-end, their high operational security awareness, and its broad and precise set of victims.

This recent high profile attack represents additional evidence of the emergence of Generation V of sophisticated cyber-attacks. Researchers, who have named the hack Sunburst, say it could take years to fully comprehend the severity of this large scale attack.

Check Point advice on protecting from the Sunburst attack

Our researchers are constantly monitoring the situation and have already issued the following advice for organizations to protect themselves:

  • Back to basics – In these sort of circumstances, the core security practices of least privilege and segmentation make it harder for adversaries to access critical assets
  • Defense-in-depth – Ensure that multiple protections operate in parallel to identify and prevent different attack vectors in real-time, such as blocking command and control traffic as well as exploits of vulnerable elements
  • Make sure your security solutions are up to date, in order to benefit from the ongoing investigation
  • Set your security solutions to Prevent – as the attackers remove their traces, by the time you detect and analyze their actions, it would be too late
  • The attack shows specific attention to cloud assets – make sure to look into those for suspicious, abnormal, activity

For full technical details on Check Points's response to the SolarWinds attack click here

 
« Return to News List