Nicholas Foti (10578536) – Analysis of contemporary computer security (annotated PDF)

School: Edith Cowan University
Course: 1101
Subject: Computer Science
Date: Apr 3, 2024
Type: pdf
Pages: 7
Uploaded by: ColonelMusic13929
CSI1101 – Computer Security
Analysis of Contemporary Computer Security Issues
Student No: 10578536
Student Name: Nicholas Foti
Campus: Joondalup, off-campus
Lecturer: Mr. Imran Malik
Contents
Introduction
Part A: SolarWinds Malware Analysis
  Overview of the malware
  How did the SolarWinds hack happen?
Task B: Discussion on SolarWinds attack
  The Attack
  The Impact
  Investigation and Resolution
Summary
References
Introduction

The world is quickly becoming a fully digitalised society, with the number of devices connected to the internet increasing at a rapid rate. These devices hold important information and data about their users, which in turn has led to a spike in the number of reported cybercrime attacks, costing Australia's economy alone $42 billion a year (ACSC, 2021). Malicious software, or malware, is at the forefront of cybercrime attacks. It comes in many forms, such as worms, viruses, trojan horses and ransomware (Rieck et al., 2008). These programs are designed to intentionally breach a system or network to cause disruption, leading to private information being leaked, the user being deprived of access, or the attacker gaining unauthorised access (Wagener et al., 2008).

SolarWinds is an American company that develops software that many businesses use to manage their networks, systems and information technology. In 2020, SolarWinds was the target of an organised cyber attack. Regarded as one of the biggest breaches of the 21st century, the attackers managed to gain access to the private information of over 30,000 public and private organisations (Oladimeji & Kerner, 2022). This report focuses on the SolarWinds malware attack of 2020. It aims to provide an analysis of the malware used in the attack and a discussion of the incident itself, including when the attack occurred and its consequences. The first part of the report analyses the malware to explain how it works; the second part contains the discussion of the attack.
Part A: SolarWinds Malware Analysis

Overview of the malware

The SolarWinds hack was a supply chain breach that involved the SolarWinds Orion system. A supply chain breach means that the attackers targeted a third party with access to the organisation's systems instead of going straight for the system itself. The malware used in the attack was identified and is now known as "Sunburst" (Oladimeji & Kerner, 2022). Sunburst is malware that has the ability to lie dormant when inactive in a system, giving it an element of stealth as it cannot be detected. However, when activated, Sunburst can create "backdoors", meaning unauthorised users can enter the system and access its information (Wolff et al., 2021). Sunburst was especially dangerous because, once access to the system has been achieved, it can establish persistent access, allowing the attackers to retain access even if the malware is removed (Wolff et al., 2021). The malware was delivered in the form of a .dll file that was implanted when SolarWinds released an update containing the security flaw (Tavares, 2021).

Figure 1: Screenshot of the .dll file that was implanted into the SolarWinds system. Source: Tavares, P. (2021). SUNBURST backdoor malware: What it is, how it works, and how to prevent it. https://resources.infosecinstitute.com/topic/sunburst-backdoor-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/

How did the SolarWinds hack happen?

The SolarWinds malware went through four stages before the compromised software updates began to be distributed. It began with the attackers gaining unauthorised access to the SolarWinds network. They then tested an initial code injection into Orion using the .dll shown in the figure above. Once they were certain they had not been detected, the code known as Sunburst was injected into Orion, which finally led to SolarWinds unknowingly sending out Orion software updates that included the malware. The attackers could then impersonate users of the infected organisations, access system files and blend in with legitimate activity (Oladimeji & Kerner, 2022). This process took over a year to complete, which demonstrates the stealth of the malware. Because the malware was so stealthy, it was very difficult to identify and remove by scanning for indicators of compromise (IOCs), making this technique largely ineffective. Since the attack, multiple detection opportunities have been identified to stop attackers from using Sunburst again; these involve looking at the IP addresses contacted and monitoring logs for delete-create-execute-delete-create patterns that occur within a short time frame (Mandiant, 2020).

Task B: Discussion on SolarWinds attack

The Attack

The group responsible for the attack was identified as "Nobelium" and is suspected to consist of nation-state hackers (Oladimeji & Kerner, 2022). Nobelium injected the malware into the SolarWinds Orion IT management software in September 2019. The malware was passed through the software's legitimate update system and was not detected, as it was hidden very effectively for over 6 months (Wolff et al., 2021). In March 2020 the malware fully infiltrated the system. The attackers were able to compromise a digitally signed Orion network component, which opened the "backdoor" into the network and gave access to thousands of SolarWinds customers, including government agencies (Wolff et al., 2021). Gaining this access meant that the number of victims could only grow from here, as the attackers now had access not only to SolarWinds customers but also to the data of all partners associated with SolarWinds Orion.

Figure 2: The digital signature compromised by the attackers, granting access to the network. Source: Oladimeji, S., & Kerner, S. M. (2022). SolarWinds hack explained: Everything you need to know. https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know

The Impact

SolarWinds stated that upwards of 30,000 customers were infected through the software updates that included the malware (Oladimeji & Kerner, 2022). However, Wolff et al. (2021) state that public information shows the attackers focused on only a small group of targets and that the impacted systems were not chosen at random. The attackers appeared to seek information from the U.S. Federal Government, and the infected systems and customers were directly or indirectly linked to making that information available. The attack can be seen as a success for the attackers, as it was clearly not for monetary gain but for classified information. E-mail systems belonging to the U.S. Treasury Department were compromised, as were systems at the Los Alamos National Laboratory, which makes nuclear weapons for the United States (Wolff et al., 2021). It is also worth noting that private companies such as Microsoft, Cisco and Malwarebytes were impacted, and they are all service providers for the U.S. government.

Investigation and Resolution

After investigation it was found that the attackers were able to access the systems so easily because SolarWinds had very poor security, with the owners known for drastically cutting costs for short-term profit (Peisert et al., 2021). Due to the targeting of government information, federal investigators believe that the Russian foreign intelligence service is behind the attack, having hired Nobelium (Oladimeji & Kerner, 2022; Peisert et al., 2021). SolarWinds stated that despite the severity of the attack, the companies involved should still follow their existing policies to prevent further loss.
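As an added illustration of the log-monitoring detection opportunity described in Part A (example code written for this page, not from the report or from Mandiant): it parses constructed file-event log lines and flags any path that goes through delete-create-execute-delete-create within a configurable window. The log line format and the 300-second default window are assumptions made for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Suspicious action sequence on one file path (from the detection guidance in Part A).
PATTERN = ("delete", "create", "execute", "delete", "create")

# Constructed sample log, one event per line: "<ISO timestamp> <action> <path>".
# The first file shows the rapid pattern; the second shows the same actions spread over hours.
SAMPLE_LOG = """\
2020-12-01T10:00:02 delete C:\\Windows\\Temp\\util.exe
2020-12-01T10:00:03 create C:\\Windows\\Temp\\util.exe
2020-12-01T10:00:04 execute C:\\Windows\\Temp\\util.exe
2020-12-01T10:00:05 delete C:\\Windows\\Temp\\util.exe
2020-12-01T10:00:06 create C:\\Windows\\Temp\\util.exe
2020-12-01T09:00:00 delete C:\\Data\\report.docx
2020-12-01T12:00:00 create C:\\Data\\report.docx
2020-12-01T12:30:00 execute C:\\Data\\report.docx
2020-12-01T13:00:00 delete C:\\Data\\report.docx
2020-12-01T13:30:00 create C:\\Data\\report.docx
"""

def parse_log(text):
    """Group (timestamp, action) pairs by file path, sorted by time (assumed log format)."""
    events = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            ts, action, path = line.split(" ", 2)
            events[path].append((datetime.fromisoformat(ts), action.lower()))
    return {path: sorted(evs) for path, evs in events.items()}

def find_sequences(events, window_seconds=300):
    """Return (path, start, end) for each PATTERN occurrence completed within
    window_seconds of its first 'delete'. The pattern is matched as a
    subsequence, so unrelated actions in between do not break a match."""
    window = timedelta(seconds=window_seconds)
    hits = []
    for path, evs in events.items():
        for i, (start, first) in enumerate(evs):
            if first != PATTERN[0]:
                continue
            idx = 0
            for ts, action in evs[i:]:
                if ts - start > window:
                    break  # chain too slow to count as the rapid pattern
                if action == PATTERN[idx]:
                    idx += 1
                    if idx == len(PATTERN):
                        hits.append((path, start, ts))
                        break
    return hits
```

With the default window only util.exe is flagged; widening the window to several hours also flags report.docx, which is why the time frame matters for keeping false positives down.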
Other affected companies such as Microsoft, FireEye and GoDaddy collaborated to create a kill switch for the Sunburst malware; this effectively stops the malware if, when it attempts to contact its control servers, the IP address is part of a specific range (Wolff et al., 2021; Abrams, 2020).

Summary

Ultimately, this high-profile attack on SolarWinds demonstrates just how dangerous these attacks can be. With what seemed like little effort at all, a group was able to infect upwards of 30,000 companies and access any information they wanted, including classified government information regarding nuclear weapons, using a supply chain "backdoor" attack. The way that Sunburst was able to lie dormant in the SolarWinds system for months before detection shows how much more advanced malware is compared to our security measures. Since SolarWinds was found to be cutting costs on its security, this could have been the reason it was targeted, reinforcing the need for businesses to keep their information technology systems up to date and secure. Keeping staff trained to avoid future attacks by providing the necessary education could also prove beneficial in the long run. All up, businesses should be able to learn from the SolarWinds attack to hopefully reduce the risk of another high-profile event occurring in the future.

References

Abrams, L. (2020). The SolarWinds cyberattack: The hack, the victims, and what we know. Bleeping Computer. Retrieved from https://www.bleepingcomputer.com/news/security/the-solarwinds-cyberattack-the-hack-the-victims-and-what-we-know/

ACSC. (2021). ACSC annual cyber threat report 2020-21. Retrieved from https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-2020-21

Oladimeji, S., & Kerner, S. M. (2022). SolarWinds hack explained: Everything you need to know. TechTarget. Retrieved from https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know

Peisert, S., Schneier, B., Okhravi, H., Massacci, B., & Benzel, T. (2021). Perspectives on the SolarWinds incident. IEEE Security & Privacy, 19(2), 7-13. doi:10.1109/MSEC.2021.3051235

Rieck, K., Holz, T., Willems, C., Dussel, P., & Laskov, P. (2008). Learning and classification of malware behaviour. In Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2008), Lecture Notes in Computer Science, 5137, 108-125. doi:10.1007/978-3-540-70542-0_6

Tavares, P. (2021). SUNBURST backdoor malware: What it is, how it works, and how to prevent it. Infosec. Retrieved from https://resources.infosecinstitute.com/topic/sunburst-backdoor-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/

Wagener, G., State, R., & Dulaunoy, A. (2008). Malware behaviour analysis. Journal in Computer Virology, 4, 270-287. doi:10.1007/s11416-007-0074-9

Wolff, E. D., Growley, K. M., Lerner, O., Welling, B., & Gruden, G. (2021). Navigating the SolarWinds supply chain attack. The Procurement Lawyer, 56(2), 3-10. Retrieved from https://www.proquest.com/docview/2532196231/25DBCFFBA2C14C6APQ/1?accountid=10675