I was researching the SolarWinds hack and trying to see if there are any lessons to be learned, etc.
From reading the FireEye report, it seems the attackers' methods were quite sophisticated and, as a result, the attack went undetected for several months.
What I haven't been able to find is how SolarWinds themselves were breached. I don't know if they themselves don't know/haven't disclosed it, or if I just haven't looked hard enough; I apologise if it's the latter.
I was also wondering what could have been done to prevent this, both by SolarWinds themselves but also by the companies affected, either to mitigate damages or to detect the hack.
If anyone has any thoughts/insights they're willing to share, please do.
Most definitely state sponsored, imho.
Better change management practices. Auditing network traffic. Auditing files available to customers.
All things they claim they are doing now.
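One concrete form of "auditing files available to customers" is keeping a baseline manifest of every release artifact's SHA-256 and re-checking it on a schedule, so that a modified, added or removed file in the distribution directory is flagged before it ships. The script below is an added illustration of that check, not code from the thread's posters or from SolarWinds; the file names and contents are constructed sample data and the directory is a temporary one created by the script itself.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large installers do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        str(p.relative_to(root)): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_manifest(expected, actual):
    """Compare a trusted baseline manifest against a freshly computed one.

    Any entry in the result is a change that nobody signed off on and should
    be investigated before the artifacts are published.
    """
    added = sorted(set(actual) - set(expected))
    removed = sorted(set(expected) - set(actual))
    modified = sorted(
        name for name in expected if name in actual and expected[name] != actual[name]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: take a baseline, then alter the release directory."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed sample artifacts (hypothetical names, not real release files).
        (root / "installer.msi").write_bytes(b"release build v1")
        (root / "README.txt").write_bytes(b"release notes")
        baseline = build_manifest(root)

        # Simulated unexpected changes after the baseline was recorded.
        (root / "installer.msi").write_bytes(b"release build v1 with an unreviewed change")
        (root / "helper.dll").write_bytes(b"file that was never part of the release")

        return diff_manifest(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

In practice the baseline manifest is produced on the build system at release time and stored (ideally signed) away from the web servers that host the downloads, so a change on the hosting side cannot also rewrite the reference it is compared against.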