Cyber security is always a cat-and-mouse game. Sometimes you think you are safe, and the next moment you find out that you were being hacked. To protect against that, there are many good companies that publish advisories telling other companies, "hey, this is how you can secure this." It is always a cat-and-mouse game, and no matter how big you are, the next day you can be a potential target, and before you know it, you are down.
So let me walk you through the story here. FireEye is one of the biggest names in cyber security. It is so big, and I am not exaggerating, that the higher management of FireEye is not even allowed to go to Russia for a vacation. This is real; FireEye is one of the biggest names in the industry. Now, a few days ago FireEye came out and said "we were hacked," and this actually made big news: one of the biggest firms in the world was attacked and is admitting that "we were hacked!!!"
Now, during the hack they found out what was breached. When they were asked about it, they said that's actually the biggest nightmare: it was not the nightmare that we were hacked, but the nightmare of what was hacked from us.
Let me take you a little bit on a side track, in case you don't know much about how cyber security is performed these days. Usually there are two teams, the red team and the blue team. The job of the blue team is simply to go ahead and roll out patches, secure things and put up the firewall so that people cannot breach. The red team, on the other hand, is responsible for simulating the attacks, of course in a controlled environment.
But since some of these attacks are so sophisticated that they need automation, companies like FireEye have their own kind of big box in which they keep these red tools. By "box" I simply mean their software stack or their servers, wherever they are keeping these simulations of these red attacks. Now some of these red attacks are so complex and so powerful that if they get out into the world they can do a lot of damage, and yes, you guessed it right: that's exactly what was attacked, and that's exactly what was stolen from FireEye. All those boxes which were holding these simulations for the red team, or the red attacks, got stolen.
Now, according to the official statement of FireEye, there was no zero-day attack. In case you don't know what a zero day is, don't worry, let me explain it briefly. A zero day is a potential vulnerability which nobody has seen yet. It is a potential vulnerability, but nobody has seen it, so there is no patch, and not a whole lot of people know about it; you can probably count on your fingers the number of people who know about a given zero day. So according to the FireEye statement there was no zero day in that, but according to their statement.... okay, taking you to part two of the story.
Another thing which you might be hearing quite a lot in the news very soon is the SolarWinds attack or the "solar hack"; there are a lot of names for it. So what is this SolarWinds tool? To give you the gravity of the context of how popular the SolarWinds tool is, imagine any 50 of the Fortune 500 companies!! Now imagine 50 more. Now imagine 50 more. All of the ones that came to your mind use SolarWinds. The SolarWinds tool is a go-to tool for every single Fortune 500 company, and if I am exaggerating, let's keep the number at almost 90 percent of big companies using SolarWinds as their network monitoring tool. It is said that there are probably more than 18,000 customers which are going to be affected by this attack, so you can see that all of the big names that you can think of are using SolarWinds.
Now, I have personally never worked on SolarWinds, but at all these big companies where I have worked, as a remote contractor or physically being there, I have seen network people always using this SolarWinds tool, and I'm talking about all the big companies that possibly can come to your mind. So SolarWinds is a nice tool which keeps track of monitoring the network: their bandwidth, how it is being used, the logs, how the fluctuations are going on. Everything that you can possibly do with networking is being done there, so you can see that it's almost like a monitoring tool for the entire internet which is running on the planet.
And what's scarier is the client list of SolarWinds. It's one of the biggest firms in the world, including all the big Fortune 500 companies, and also the State Department. A lot of governments also use this, including the FBI, NASA, the Treasury Department, the State Health Department, almost all of the names that you can think of, including Microsoft!! A whole lot of people are going to come forward and say, "yeah, we also use this tool." So all of them were potentially a victim of this hack. Now let me tell you how this hack was actually planned.
So now the hackers, having access to these red tools, what they did after that was to actually find out how the network updates of this tool are being delivered. You also get these software patches and software updates, and what do you do next? You simply go ahead and update these tools, whatever tools you are using, and the same goes for the SolarWinds tool as well.
Okay, again putting this as a side note: I have personally never used SolarWinds. I've always been on the software development side of the team, so I've had friends and talked with them about SolarWinds, but I have never personally used it.
Okay, so what happened is that a new update came out for SolarWinds, and again let me give you a slightly scarier reason here: this update came out in March of 2020. What the attackers did was somehow get access to the network, or the CDN, through which these updates were being delivered, and they injected a malicious DLL along with the patch. So the patch is now going to act as a potential vulnerability for every single person who is going to be updating their software. And everybody loves a software update, who doesn't? You shouldn't skip it; you should always do an update. So every single company, and of course we are talking about March, and this is almost the end of 2020, everybody did the update.
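The defensive lesson of the passage above is that an update package served from a CDN should be checked against something the CDN cannot alter before it is installed. The following is an added example, not code from the original article and not SolarWinds' or FireEye's own update mechanism. It assumes (hypothetically) that the vendor publishes a manifest listing every file in the update with its SHA-256 digest, that the manifest is fetched through a channel independent of the CDN, and that the update is a zip archive. The file names and contents are constructed placeholders. The checker reports any file that is not in the manifest (such as an extra DLL injected along with the patch), any file whose digest differs from the manifest, and any manifest file that is missing from the package.

```python
"""Check a downloaded update package against an out-of-band manifest.

Added example (not from the original article). Assumption: the manifest
{path: sha256 hex} was obtained independently of the CDN that served the
package, so an attacker who can only alter the package cannot also alter
the manifest. File names and contents below are constructed placeholders.
"""
from __future__ import annotations

import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of a byte string, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def verify_update(package_bytes: bytes, manifest: dict[str, str]) -> list[str]:
    """Compare every file in the zip package with the manifest.

    Returns a list of findings; an empty list means the package matches the
    manifest exactly and can be handed to the installer.
    """
    findings: list[str] = []
    seen: set[str] = set()
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            seen.add(name)
            digest = sha256_hex(zf.read(name))
            if name not in manifest:
                # A file the vendor never listed: e.g. a DLL added in transit.
                findings.append(f"UNEXPECTED file not in manifest: {name}")
            elif digest != manifest[name]:
                # Listed file whose bytes changed after the manifest was made.
                findings.append(f"MODIFIED file: {name}")
    for name in manifest:
        if name not in seen:
            # Could indicate a truncated or substituted package.
            findings.append(f"MISSING file listed in manifest: {name}")
    return findings


def build_package(files: dict[str, bytes]) -> bytes:
    """Build an in-memory zip so the example runs offline (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample update: names and bytes are placeholders, not real files.
GENUINE_FILES: dict[str, bytes] = {
    "netmon/core.dll": b"constructed core library bytes",
    "netmon/monitor.exe": b"constructed monitor executable bytes",
}
# The manifest the vendor would publish out-of-band (computed here for the demo).
MANIFEST: dict[str, str] = {name: sha256_hex(data) for name, data in GENUINE_FILES.items()}


def clean_package() -> bytes:
    """The package exactly as the vendor built it."""
    return build_package(GENUINE_FILES)


def tampered_package() -> bytes:
    """The same package with a modified core library and an extra DLL added."""
    files = dict(GENUINE_FILES)
    files["netmon/core.dll"] = b"constructed core library bytes, altered"
    files["netmon/helper.dll"] = b"constructed extra library the vendor never shipped"
    return build_package(files)


def truncated_package() -> bytes:
    """A package missing one of the files the manifest lists."""
    return build_package({"netmon/core.dll": GENUINE_FILES["netmon/core.dll"]})


if __name__ == "__main__":
    for label, pkg in (("clean", clean_package()), ("tampered", tampered_package()),
                       ("truncated", truncated_package())):
        result = verify_update(pkg, MANIFEST)
        print(f"{label}: {'OK' if not result else result}")
```

Run it and the clean package yields no findings, the tampered one is flagged both for the altered core library and for the extra DLL, and the truncated one is flagged for the missing executable. The check is only as strong as the manifest's independence from the delivery path; in a real deployment the vendor signs the manifest with a key the customer already holds, so that an attacker who controls the CDN cannot simply publish a matching manifest for the altered package.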
And the next day, you know, FireEye came out with a public disclosure that "we were attacked," and all the dots were connected. This is scary, because hackers had this access to all of the big giants from March. Now they are saying that this attack was planned by Russia. We have no proof of that; nobody has come out and said there is rock-solid proof about it, so obviously they're going to name Russia, but it could potentially be from other groups of people as well. Now the danger here is that attackers had access to everything, and yes, they had this network-level access in all of these Fortune 500 companies, 18,000 customers, and they had this access from March. Gosh!!!
Not only do these attackers have access to the networks of big companies, but they also know how these attacks are being made and how the potential firewalls are being kept, so they now know too much of the details. So what will be the impact of this? Currently we are not seeing any impact; currently the news is just out, and we have seen one big giant being down for an hour a couple of days ago. Now obviously it is expected that in 2021 it's going to be a bigger nightmare of cyber attacks that are going to happen; eventually it's going to scale up. So that's a little update that you should really know if you are residing anywhere in the IT world, the cyber security space or even the coding space.
I've tried my best to explain this in as dumbed-down a version as possible. Surely I have excluded a whole lot of details to make sure that this article is understandable by a massive audience and not just a specialized group of cyber security people. So if you've enjoyed this article, make sure to spread it through your media with your friends and make everyone aware of it.

Thanks for reading. Keep learning.

Links of resources: