The VPN deployed is Pulse Secure. The cyberattack, qualified as an advanced persistent threat, started back in March 2020 and lasted until February 2021.

Cybercriminals used yet another new method

According to CISA, the attackers used a new hacking approach: Supernova (a .NET webshell) was placed directly on the SolarWinds server, making it look as if it were part of the system. The hackers also took advantage of the fact that the victims didn’t use a two-factor authentication method on their VPNs. Once authenticated, the attackers used a virtual machine to move laterally to the victim’s SolarWinds Orion software and install Supernova via a PowerShell command, the report explains.

While VPNs provide an extra layer of security, they don’t act the same as antivirus software or as a firewall. That is why CISA recommends that all organizations use not only multi-factor authentication, but also several cyber-protection tools within the same network, all of them up to date. Similarly, the company’s workstations and servers should be updated and equipped with only the necessary software. Regular users should not have admin privileges, especially when it comes to installing third-party apps. You can read more about CISA’s full recommendations and the entire threat scenario in the above-mentioned report.
