Lack Of Monitoring In SolarWinds Hack Is ‘Scary’

 Most companies talk a good game about how much monitoring and auditing they do for cyberattacks--but flagrant incidents such as the SolarWinds breach and subsequent spread of malware to thousands of customers suggest many companies still have a lot of work to do.

That’s the message from Dave Mahoney, enterprise services architect at Blue Bell, Pa.-based Anexinet, No. 212 on CRN’s Solution Provider 500. Mahoney spoke with CRN as the fallout from the SolarWinds hack continued to grow and Microsoft disclosed that a second group may have also breached SolarWinds Orion, separately from the suspected Russian hackers behind the initial breach of the network monitoring platform.

Mahoney pointed out that hackers not only successfully inserted malicious code into computer science vs engineering software, but were then able to have the malware “phone home” to their command-and-control server. As a result, the hackers gained even greater access to take further actions within the system.


Comments

Post a Comment

Popular posts from this blog

Collaborative and sociable endeavour

obstacles to becoming a professional programmer. For one, outside the industry, harmful stereotypes remain. Engineers are often seen as introverted, antisocial and (you guessed it) male. As a teenager who wasn’t any of those things, I was put off. And I know there are many others now who are just like I was then. So perhaps it’s not surprising that I didn’t want a job that, at first glance, appeared to isolate me from other people in some form of employed solitary confinement. So, it was with this thought in mind that I stepped away from engineering to instead embark on a career in marketing. Fortuitously my father happened to work in the same building as my new company, so before and after work I would spend time sitting in his office.  By observing him and his team, I quickly discovered that working in software development was not an isolating role, but rather a much more collaborative and sociable endeavour.  I  computer science vs computer engineering   then and there that I had to
Read more

Two founding signatories leave Architects Declare

 Over the past year, Zaha Hadid Architects and Foster + Partners, two of the 17 founding signatories of Architects Declare, have been criticised for working on aviation projects. Zaha Hadid Architects was criticised for designing Western Sydney International Airport, while Foster + Partners' decision to design an airport for a luxury resort in Saudi Arabia led Architects Climate Action Network, another group that advocates more radical climate action, to call on the studio to withdraw from the project or from Architects Declare. This division over working on airport projects led Foster + Partners to leave Architects Declare yesterday, with studio founder Norman Foster saying: "agriculture and aviation are not going to go away and they will both need the most sustainable buildings to serve them together with the architects who can most responsibly design them." Since its foundation, the UK branch of Architects Declare has gained over jobs with computer science degree whil
Read more

National Security Directive on the Telecommunication Sector

 While the whole move around NSDTS is country agnostic and is purportedly meant to tone up the security of digital networks in the country, the reference to China is definitely doing the rounds. The Cabinet Committee on Security headed by Prime Minister Narendra Modi gave its approval for a National Security Directive on the Telecommunication Sector (NSDTS) that will impact the digital and telecom ecosystem in the country. The NSDTS is aimed at preserving the integrity of the supply chain under which the government will declare a list of trusted sources and trusted products for installation in the country’s telecom networks.  There will also be a list of designated sources from where no procurement is to be made. The methodology to designate trusted products will be devised by the designated authority, the National Cyber Security Coordinator of India, and the list of the trusted source and product decided on the basis of approval by a committee headed by the Deputy National Security Ad
Read more