Article: How the open source community helped firms investigate their network activity following SolarWinds


The ramifications of the SolarWinds attack are still unfolding more than four months after the breaches were revealed to the public. One underappreciated facet of the wide-ranging scandal, which has engulfed much of the U.S. government and hundreds of major companies, is the powerful role the open source community played in helping enterprises respond to the crisis, according to Greg Bell, co-founder and CSO of cybersecurity company Corelight.

“What happened with the Sunburst malware is that when FireEye/Mandiant discovered the attack and made this sort of amazingly detailed disclosure, they released information about the attack—so-called indicators of compromise—in open formats on GitHub, the platform where open source tools are built and where information is shared,” Bell said.


Article: Microsoft open sources CodeQL queries used to hunt for Solorigate activity


A key aspect of the Solorigate attack is the supply chain compromise that allowed the attacker to modify binaries in SolarWinds’ Orion product. These modified binaries were distributed through the vendor's legitimate update channels and allowed the attacker to remotely carry out malicious activities, such as credential theft, privilege escalation, and lateral movement, in order to steal sensitive information.

The incident has prompted organizations to reflect not just on their readiness to respond to sophisticated attacks, but also on the resilience of their own codebases.
