Flash Read

Tis the season to audit the supply chain


December 17, 2020
min read
An image showing two office workers working on their laptops

We were supposed to be winding down for the holidays. Then again, maybe we suspected that 2020 had one last gut-punch for us. Thanks, ‘SUNBURST’.

‘SUNBURST’ is what FireEye is calling the recent cybersecurity attack that has government agencies scrambling, carried out by an unidentified agent FireEye refers to as ‘UNC2452’. FireEye, with barely contained awe, have described what they’ve uncovered as “...some of the best operational security that FireEye has observed in a cyber attack, focusing on evasion and leveraging inherent trust.” Read the full blog post here, and find FireEye’s GitHub repository on detection and neutralization here. FireEye’s transparency and urgency in sharing what they’d discovered has earned plaudits in the cybersecurity community.

FireEye was the first company to detect a compromise in their own system. Once they’d identified the source as a SolarWinds software update, it became clear that this was a big one. Why? Because that same SolarWinds software update went out to hundreds of thousands of customers—including many top US federal agencies.

It’s a nefarious, evil-genius level attack. While gaining access through a classic Trojan Horse approach, the attackers were subtle, sitting within the tech stack and taking their time to learn what credentials were needed to access critical information. Once they’d identified targets and how to access them, they struck, using only the operations that enabled access to function in the first place. It’s ‘the butler did it’, except that the butler was possessed.

FireEye has characterized this attack as a problem in the Software Supply Chain (SSC). I’ve written about this problem previously with regards to open source software, but SaaS sprawl is turning this into a bigger issue. SolarWinds provides broad IT management software—the perfect tools for discovering access credentials. IT has to match its security and risk management in line with every new vendor that makes up that SaaS ecosystem—is each vendor doing everything they can to detect and treat vulnerabilities? Do you trust that new update? (Speaking of which, SolarWinds is urging customers to install their latest, presumably safe, update for the compromised Orion Platform software.)

In some ways, Christmas has come early for cybersecurity SaaS. Vendors are filling blog posts with all the ‘lessons learned’ which, strangely enough, are usually resolved by purchasing that vendor's particular threat detection tools. Paranoia pays, especially when that paranoia is justified.

What will this mean for cybersecurity in 2021? Will zero-trust finally rise to prominence? Do we need more AI/ML tools to detect those subtle differences in malicious behaviors that mimic normal protocols? One of the scarier aspects of the FireEye hack is that penetration test tools were stolen. If the enemy knows how we fight it, innovation may be key.

As details of the attack continue to accumulate like all those holiday chocolates, one thing’s for sure: this won’t be the last we hear of the SolarWinds breach this season.

Access data and intelligence from thousands of verified technology CxOs, VPS, and Directors, while engaging in compelling conversations about what's top-of-mind for tech leaders today.

Join the Pulse Community

Join the executive community

Make and shape business decisions with tried-and-true advice and benchmarks from technology leaders

Executives powering Pulse

“With its survey data, Pulse skips the anecdotes and provides deep context and real numbers for the topics that are top of mind for my organization.”
Julie Cullivan photo
Julie Cullivan
Chief Technology and People Officer, Forescout
“Pulse beats any other platform, research company, Slack groups, etc. at getting me the most relevant advice and content. I rely on Pulse for all knowledge and insights. The answers are consistently exactly what I need.”
Roberto Torres photo
Roberto Torres
CTO, Taimingo
“What the IT community has needed is a vendor free, agenda free platform which encourages discussion and debate amongst peers. Pulse has nailed that in both their Q&A and timely reports.”
Lee's headshot
Lee Vorthman
CSO, Oracle
“I love that Pulse is a one-stop shop for all the peer conversations and insights that are presently super scattered and disconnected among various Slack channels and other CIO groups.”
Enrique Jenkins photo
Enrique Jenkins
Head of IT, DoorDash
“Being able to drive discussions on new tech with my peers and getting immediate feedback is exactly what has been missing until Pulse.”
Manjit Singh photo
Manjit Singh
CIO, Toyota
“For the past two weeks, the first news source I check [every morning] is Pulse. I look at Focused Five everyday. Pulse first, then Twitter, etc. You're that good.”
Miguel Borbolla Olea photo
Miguel Borbolla Olea
Director of IT, OCESA
“I’m excited for what the Pulse team have built to better connect the CIO community. It’s been exceptional for many of us in the community to get clarity and aid decision making as we develop our strategy.”
Yusuf Khan image
Yousuf Khan
CIO, Automation Anywhere
"Transformative change and real-time insights can only come from the people who are doing it day to day in an innovative way. I get a wide variety of that insight from Pulse."
Malcolm Harkins photo
Malcolm Harkins
Chief Security and Trust Officer, Cymatic