URL:
https://www.cybersecuritydive.com/news/microsoft-solarwinds-cyberattack-antivirus-orion/592261/
MICROSOFT TO BEGIN BLOCKING BINARIES LINKED TO SOLARWINDS CYBERATTACK
Published Dec. 16, 2020
Samantha Schwartz, Reporter

DIVE BRIEF:
* Microsoft will begin blocking the malicious binaries tied to the SolarWinds Orion compromise with Microsoft Defender Antivirus on Wednesday, the company announced.
* Defender will quarantine the trojanized binary before it can run. But because SolarWinds Orion is a network management system (NMS) closely tied to servers, “it may not be simple to remove the product from service,” according to Microsoft.
* Microsoft warned customers to “consider any drive with the binary as compromised,” including the accounts with access to those devices. Companies should already have started investigating the device timeline, looking for “indications of lateral movement activities,” according to the announcement.

DIVE INSIGHT:
As fallout continues from the SolarWinds Orion compromise, known as Solorigate (Microsoft's name) or SUNBURST (FireEye's), affected companies and federal agencies are relying on private sector involvement.

“Post-infrastructure product decisions made by tech companies create strategic facts that often outweigh national policy ability to control for vulnerabilities and risk,” said Philip Reiner, CEO of the Institute for Security and Technology. The federal government relies on technology supplied by private third parties “because it has no choice,” said Reiner. As adoption continues, supply chain threats will grow: federal agencies can no longer rely only on code they wrote and tested on their own networks.

The SolarWinds supply chain attack is far-reaching. The company notified the roughly 33,000 customers who used Orion during the period when its product updates were compromised, though it said about 18,000 customers were actually impacted. Affected federal agencies reportedly include the Departments of Homeland Security, State, Treasury and Commerce.

With a loyal customer base around the world, SolarWinds software is used well beyond the public sector. SolarWinds is “so prevalent” that its Orion platform “is to NMS what Kleenex is to Tissues,” said Jake Williams, SANS analyst and senior SANS instructor, in a SANS Institute webinar Monday.

An NMS has to communicate with the devices it manages and monitors, which makes it a prime target for malicious activity. “Many NMS are configured to both monitor for events and respond to them,” said Williams. “This means that the [NMS] can make changes on behalf of its configuration,” so an attacker who compromises the tool can make every change the NMS itself is permitted to make.

Companies are not safe even if their networking devices are configured in SolarWinds without credentials. And even if the software has no way of jumping to a company's Windows systems, an attacker who can change device configurations would find it very easy to “basically reshape traffic on the local network and position themselves for those man-in-the-middle opportunities,” said Williams. At that point, it is only a matter of time before the attacker gains access to a machine.

Microsoft, joined by other tech companies, moved to “seize and sinkhole” the avsvmcloud[.]com domain, ZDNet reported. The domain served as the command and control server for the operation delivering the malware. Microsoft obtained the domain, whose traffic was “designed to mimic normal SolarWinds API communications,” according to FireEye. FireEye also released further domains related to SUNBURST and to the (Cobalt Strike) BEACON payload that companies can use as indicators of compromise (IOC) against their domain name system logs.

FireEye tracks the actor behind those domains as UNC2452, and the activity has been attributed to Russia. Finding nothing in the logs is not enough to rule out an intrusion, according to Williams: “Nothing means you just don't see it,” and the domains FireEye published are likely an incomplete list.

No company or security firm aiding the response has outright said the threat group behind the attack is APT 29, also known as Cozy Bear or the Dukes, but given the impact of the attack it bears that group's hallmarks. “The pre-positioning potential is massive,” said Reiner. “You could envision APT 29 transferring some of the accesses to a more attack-minded entity,” such as APT 28, or Fancy Bear.

Filed Under: Cyberattacks, Threats
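The DNS-log IOC check described above, as an added example (this is not code from Microsoft, FireEye, SolarWinds or the article). It matches DNS query logs against the C2 domain, covers generated subdomains but only on a label boundary, accepts the defanged `[.]` spelling used in reports, and reports the time window the log covers so that an empty result is read as “not observed” rather than “not present”, which is Williams's caveat. The log line format, the sample records, the hypothetical `hunt`/`summarize` functions and the second entry in `IOC_DOMAINS` are all constructed placeholders; only avsvmcloud[.]com comes from the article.

```python
"""Match DNS query logs against SUNBURST C2 domain indicators.

Added example for this article; not code from Microsoft, FireEye or SolarWinds.
Assumptions: each log record is "<ISO-8601 timestamp> <client IP> <queried name>"
(a constructed format), and IOC_DOMAINS holds only the avsvmcloud[.]com domain
named in the article plus a placeholder standing in for the further domains
FireEye published, which the article does not reproduce.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# avsvmcloud[.]com is the C2 domain named in the article. The second entry is a
# stand-in for the additional FireEye-published domains (assumption, not a real
# indicator): replace it with the vendor list before using this for real.
IOC_DOMAINS = ["avsvmcloud[.]com", "placeholder-ioc.invalid"]


def normalize(name: str) -> str:
    """Lower-case, undo the [.] defanging used in reports, strip the trailing dot."""
    return name.strip().lower().replace("[.]", ".").rstrip(".")


def matching_ioc(qname: str, iocs=IOC_DOMAINS) -> Optional[str]:
    """Return the IOC domain that covers qname, or None.

    SUNBURST beaconed to generated subdomains of its C2 domain, so a hit must
    cover subdomains, but only on a label boundary: 'notavsvmcloud.com' is not
    a match, and 'avsvmcloud.com.other.test' is not either.
    """
    q = normalize(qname)
    for ioc in iocs:
        d = normalize(ioc)
        if q == d or q.endswith("." + d):
            return d
    return None


@dataclass
class Hit:
    ts: datetime
    client: str
    qname: str
    ioc: str


def hunt(lines, iocs=IOC_DOMAINS) -> dict:
    """Scan DNS log lines; return hits plus the time window the log covers."""
    hits, parsed, first, last = [], 0, None, None
    for line in lines:
        line = line.split("#", 1)[0].strip()  # drop inline comments and blanks
        if not line:
            continue
        ts_text, client, qname = line.split(maxsplit=2)
        ts = datetime.fromisoformat(ts_text.replace("Z", "+00:00"))
        parsed += 1
        first = ts if first is None or ts < first else first
        last = ts if last is None or ts > last else last
        ioc = matching_ioc(qname, iocs)
        if ioc:
            hits.append(Hit(ts, client, normalize(qname), ioc))
    return {"hits": hits, "records": parsed, "window": (first, last)}


def summarize(result: dict) -> str:
    """Report hits, or state explicitly that no hit is not a clean bill of health."""
    first, last = result["window"]
    if first is None:
        return "No DNS records parsed; nothing can be concluded from this log."
    span = f"{result['records']} records, {first:%Y-%m-%d %H:%M}Z to {last:%Y-%m-%d %H:%M}Z"
    if not result["hits"]:
        return (f"No IOC hits in {span}. This does not rule out compromise: the "
                "IOC list is incomplete and the log must cover the whole exposure "
                "window, not just this span.")
    clients = sorted({h.client for h in result["hits"]})
    return (f"{len(result['hits'])} IOC hit(s) in {span}; isolate and image "
            f"clients {', '.join(clients)} and pull their full DNS/auth timeline.")


# Constructed sample log (not real traffic). The long first label imitates the
# generated subdomains SUNBURST used; the last two records are near-misses.
SAMPLE_LOG = """
2020-12-14T09:12:44Z 10.20.30.40 aaaabbbbccccdddd.appsync-api.eu-west-1.avsvmcloud.com.
2020-12-14T09:13:01Z 10.20.30.40 updates.example.com
2020-12-14T09:15:22Z 10.20.30.41 avsvmcloud.com.lookalike.test   # IOC is not a suffix
2020-12-14T09:16:02Z 10.20.30.42 notavsvmcloud.com                # no label boundary
""".splitlines()

if __name__ == "__main__":
    print(summarize(hunt(SAMPLE_LOG)))
```

Point `hunt` at your resolver or firewall DNS export after adapting the record parser to its format, and read the window line against the period in which the trojanized Orion updates were installed in your environment: logs that do not reach back that far cannot clear a host.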