DEV Community

Cover image for fireEye - Biggest Cyber attack just got public | solarwinds
Keshav
Keshav

Posted on

fireEye - Biggest Cyber attack just got public | solarwinds

Let me first tell you this interesting thing in the story format so that you can connect the dots better.

Now cyber security is always a cat and mouse game sometimes you think that you are safe but the next moment you know that you were being hacked and in order to protect that there are so many good companies which put advisories to the companies that hey this is how you can secure this.

Source : Microsoft Blogs

It's a always cat and mouse game and no matter how big you are the next day you can be a potential target and what you know you are down next day.

So, let me walk you through with the story here so fireeye is one of the biggest name in the cyber security it is so big and I'm not exaggerating it.

The higher management of the fire eye is not allowed to even go to Russia for even a vacation this is something real fireeye is one of the biggest name in the industry now a few days ago fireeye came out and said that "we were hacked" and this actually made a big news that while the biggest firm in the world was attacked and is accepting that we were hacked!!!

Now during the hacked they found out that what was breached when it was asked to them they said that's actually the biggest nightmare it was not the nightmare that we were hacked but the nightmare what was hacked from us.

In case on to let me take you a little bit on the side track in case you don't know much about the cyber security these days how this is being performed usually there are two teams the red team and the blue team.

The job of the blue team is to simply go ahead and roll out patches and secure and put the firewall so that people cannot breach on the other hand the red team is responsible for simulating the attacks of course in the controlled environment.

But since some of these attacks are so sophisticated that they need automation so companies like fireeye they have their own kind of a big box in which they use these red tools and by the box, simply means their software stack or their servers or where they wherever they are keeping these simulations of these red attacks.

Now some of these red attacks are so much complex and so much powerful that the if they get out in the world they can do so much of damage and yes you guessed it right that's exactly was attacked and that's exactly was stolen from fireeye so all those boxers which were holding these simulations for the red team or the red attacks they got stolen.

Now according to the official statement of the fire eye there was no zero day attack now in case you don't know zero day, don't worry let me explain you briefly about it.

Zero day is a potential vulnerability which nobody has seen yet it is a potential vulnerability but nobody has seen it so there is no patch and not a whole lot of people knows about it probably if you can count them on fingers these many people only know about zero days so according to the fire eye statement there was no zero day in that but according to their statement.... okay taking you to the part two of the story

Another thing which you might be hearing very soon quite a lot in the news is solar eye attack or the solar hack there's a lot of name so what is this solar tool in order to give you the gravity of the context that how popular the solar wind tool is imagine any of the 50 fortune 500 company!!

Now imagine 50 more now imagine 50 more all of them which came to your mind use solar wind the solar wind tool is a go-to tool for every single fortune 500 company and if I'm exaggerating it let's keep the number at almost 90 percent companies big companies use solarwind as their network monitoring tool.

It is said that they are there are probably more than 18 000 customers which are going to be affected by this attack so you can see that all of the big names that you can think of they are using solarwind now this solar panel i have personally never worked on it but I know all these big companies where I have worked as a remote contractor or as a physically being there I have seen network people always using these solar teal and I'm talking about all the big companies..

That possibly can come to your mind so solar wind is a nice tool which keeps the track of monitoring the network their bandwidth how is it is using the logs and how the fluctuations are going on everything that possibly you can do by networking is being done there so you can see that it's almost like a monitoring tool for the entire internet which is running on the planet and what's more scary to this is the client list of the solarwind it's one of the biggest firm in the world including all the big fortune 500 also the state department a lot of governments also use this including FBI, NASA's treasury department, state health department almost all of the names that you can think of including microsoft!!

Whole lot of people are going to come out and forward and say that yeah we also use this tool so all of them were potentially a victim of this hack now let me tell you how this hack was actually planned up.

So now the hackers having the access of these red tools what they did after that they actually found out that how the network updates of this tool are being delivered you also get these software patches and software updates and what you do next you just simply go ahead and update these tools.

Whatever the tools you are using same goes for the solar wind tool as well okay again putting this as a side note i have personally never used solarwind i've always been in the software development side of the team so i've used friends and talking them about the solar will never have personally used it okay so what happens in that is a new update came out for the solar wind and again let me give you a little bit more scary reason here this update came out in march of 2020 and what attack attackers did was they somehow got the access to the network or the CDN through which they were delivering these updates and they injected a dll a malicious dll along with the patch so the patch is now going to act as a potential vulnerability to every single person who is going to be updating their software and everybody loves an update in the software who doesn't you shouldn't like not do it you should always do an update so every single company of course this is a talk about march so this is almost the end of 2020 everybody did the update.

And next day you know fireeye came out with a public disclosure that we were attacked and entire dots were connected and this is scary this is scary because hackers had these access to all of the big giants from march now they are saying that this attack was planned by Russia we have no proof of that nobody claim out and say that this is a rock solid proof about that so obviously they're gonna name it to Russia but it can be potentially from other groups of people as well now the the danger here is that attackers had the access of everything and yes they had this network level access in all of these fortune 500 companies 18 000 customers and they had this at access from march gosh!!!

Not only these attackers have the access of these networks of big companies but they also know that how these attacks are being made how the potential firewalls are being kept so they have they are knowing now too much of the details so what will be the impact of this currently we are not seeing any impact currently the news is just out and we have seen one big giant being down for an hour a couple of days ago now obviously it is expected that in 2021 it's going to be a biggest bigger nightmare of the cyber attacks that's are going to happen eventually it's going to scale up so that's a little bit update that you should really know if you are residing anywhere in the id world cyber security space or even the coding space.

I've tried my best to explain this as dumbed down version as possible surely I have excluded a whole lot of details on this to make sure that this article is understandable by the massive audience and not just a specialized group of cyber security people so if you've enjoyed this article make sure to spread it through your medias with your friends and make everyone aware of it.

Thanks for reading

Little Request :

This is my Channel and I am Working on #webdev, #coding , #SEO and #cloudskills and lot more.

Hit the #subscribe button on #YouTube to stay tuned :) looking for better #audiences.💫

Keep Learning 😊✌
TECH_ED

Links of resources :

  1. https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html)

  2. https://www.theguardian.com/technology/2020/dec/16/solarwinds-orion-hack-scrutiny-technology

  3. https://www.youtube.com/watch?v=wiQ_dKFUYkc

  4. https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/

Top comments (1)

Collapse
 
yellow1912 profile image
yellow1912

Interesting read. I also read the Microsoft article as well. I think this is similar to the nuclear race in many ways. All the big nations, including the US, have these internet nuclear bombs, at some point they will need to sit down and talk. They will agree that all sides will keep calm and don't press that red button, and that other small nations are not allowed to have similar bombs. And then north korea will come out and say hey attack me and I will press my little shiny red button as well. Lol.