Let’s Apply APT Lessons From SolarWinds Hack

Let’s Apply APT Lessons From SolarWinds Hack
Author: Dustin Brewer, Senior Director, Emerging Technology and Innovation, ISACA
Date Published: 21 December 2020

Well, my cyber and information security friends, it’s that time again. We’re starting to get asked questions about what we do by more than just our immediate supervisors. We get comments such as “I bet you’re busy this week” and “Should I change my password on my account?” That’s right – it’s the next iteration of “Someone got hacked and it’s making news!” This time, it’s a little different, though, because it was one of our own – an IT security company – and the attack is being attributed to an advanced persistent threat (APT).

In an upcoming ISACA Cyber Pros Exchange podcast, Frank Downs and I discuss what APTs are and what a breach could mean to an organization. With the recent SolarWinds hack unraveling more and more information about the attackers, scope, and their TTPs every day, it’s hard to ignore the threat. But how do we defend against such an attack? If APTs are so advanced and well-funded, what is the information security community to do?

To answer these questions, let’s take at some of the work done to uncover this attack:

These activities should all sound very familiar: code review, vendor and supply chain vetting and review, and analysis. They are all activities that we, as information security professionals, conduct on a relatively routine basis and are written into our procedures, policies and standards. They are designed to prevent and detect attacks. It can be argued that technically, in this case, they worked! FireEye was able to discover the attack and has since released information on detection and mitigation of this particular attack. As usual, the answer appears to be enabling defense in-depth and remaining vigilant with our policies and standards for security.

Utilizing cyber maturity models and frameworks can ensure that your organization is not only secure but can identify where your security gaps are and how to fix them. There’s still a lot about this attack that we don’t know, but as the details are being released, we don’t have to wait to improve our own cyber programs. FireEye and SolarWinds are continually updating the community with mitigation and detection techniques as they are discovered. There’s no time like the present to evaluate and update your enterprises cyber and information security programs while the spotlight is on.