The US Army, the State Department, the Presidential Office, the Pentagon and the US Department of the Treasury are just some of the organizations that have been affected by the cyberattack with the Sunburst malware on SolarWinds, a software provider that helps its clients manage networks, systems and infrastructure.

During this time, the hackers responsible for Sunburst will undoubtedly have collected user credentials from thousands of companies and have the potential to compromise the accounts of millions of users around the world. And those stolen credentials will almost certainly end up for sale on the dark web.

Faced with the alert, the US Department of Homeland Security directed all federal agencies to unplug and turn off any device connected to SolarWinds products until further notice. The Sunburst malware also took more than 9 months to discover. According to SolarWinds, 18,000 of its customers were affected by this cyber attack.

How to protect ourselves from attacks like Sunburst

This type of attack is not new. Microsoft has been warning about them since 1999. There are many actions organizations can take to protect against attacks similar to Sunburst, and we will look at some of them here.

▸Counter-cyber espionage services

These exist to proactively search the dark and deep web for stolen credentials and retrieve them from C2 servers before they are used to commit fraud, thus neutralizing the impact of the theft.

▸NDR for visibility into any unusual activity taking place on networks.

NDR systems can detect indicators of suspicious activity such as communication with a C2 server, network reconnaissance, unusual DNS lookups, and elevation of user privileges.
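
As an added illustration of the "unusual DNS lookups" indicator (example code written for this page, not taken from any NDR product), the sketch below flags clients that query many distinct long, high-entropy subdomains under a single parent domain. The log lines, thresholds and function names are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log: (client_ip, queried_name). Not real traffic.
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "k3v9q2x7m1zt.api.example.net"),
    ("10.0.0.5", "p8w4n6r0j5hb.api.example.net"),
    ("10.0.0.5", "d7f2y9c1g6ls.api.example.net"),
    ("10.0.0.5", "t5m3b8x0q4vu.api.example.net"),
    ("10.0.0.8", "autodiscover.example.org"),   # long but legitimate label
    ("10.0.0.8", "autodiscover.example.org"),   # repeat, counted once
    ("10.0.0.8", "www.example.com"),
    ("10.0.0.9", "k3v9q2x7m1zt.api.example.net"),  # single lookup only
]

def shannon_entropy(label):
    """Shannon entropy of a DNS label, in bits per character."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label))
                for c in counts.values())

def find_unusual_dns(log, min_unique=4, min_len=12, min_entropy=3.0):
    """Return {(client, parent_domain): unique_label_count} for clients that
    looked up at least min_unique distinct random-looking leftmost labels
    under the same parent domain.

    Assumption: the parent domain is taken as the last two labels; a real
    deployment would use a public-suffix list instead.
    """
    seen = defaultdict(set)
    for client, name in log:
        labels = name.lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # no subdomain to inspect
        sub = labels[0]
        if len(sub) >= min_len and shannon_entropy(sub) >= min_entropy:
            seen[(client, ".".join(labels[-2:]))].add(sub)
    # One odd label is common (see autodiscover); many distinct ones is not.
    return {key: len(subs) for key, subs in seen.items()
            if len(subs) >= min_unique}

if __name__ == "__main__":
    for (client, parent), n in find_unusual_dns(SAMPLE_LOG).items():
        print(f"{client}: {n} distinct high-entropy labels under {parent}")
```

The entropy test alone would also match `autodiscover`; requiring several distinct labels per client and parent domain is what keeps that lookup out of the results.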

