The Johari Window: How Known Unknowns Led to the Largest Cybersecurity Breach of National Security in U.S. History

“Therefore just as water retains no constant shape, so in warfare there are no constant conditions.” -Sun Tzu

This article presents a different perspective on the recent SolarWinds breach in the growing number of articles on the recent attacks. It also proposes a different approach to adversary detection by detecting the constants in a breach using the concept of active defense as described by the new MITRE Shield framework. The idea is that blue teams should detect lateral movement and living off the land after the adversary has established a beachhead instead of relying solely on detecting the attack using known knowns.
Read More

CISOs Share 2021 Predictions for Cybersecurity

Thankfully, 2020 is on the way out. What are CISOs saying about what’s to come in 2021? From targeted ransomware, insider threats, cloud security, lateral movement, and remote work, to the importance of good cyber hygiene and credential management, there are A LOT of challenges to be dealt with. So we brought together CISOs to hear their thoughts and 2021 predictions for cybersecurity. 
Read More

Illusive Networks Advisory – SolarWinds Supply Chain Attack

Since last week and continuing into this week, details of the attack first perpetrated on FireEye and subsequently on the US Government Departments of Treasury and Commerce continue to evolve. We now know that the attack’s origin was the SolarWinds Orion IT management software versions 2019.4 HF 5 and 2020.2 HF 1, containing a backdoor (Sunburst). According to the FireEye analysis, this campaign may have started as early as spring 2020. We recommend you follow the remediation guidelines from SolarWinds, and any other organizations directly involved in the attack.

It’s still early, and industry knowledge about the attack remains incomplete, nevertheless we have learned enough to start developing plans to assess and reduce risk for organizations running the affected versions of SolarWinds Orion software. In this attack, as with most other advanced attacks like APTs and the new forms of targeted (human-operated) ransomware, attackers establish an initial beachhead, surveil their surroundings and move laterally to harvest privileged credentials that give them access to valuable information – “crown jewels”.
Read More