Chapter 16: Conclusion
In Chapter 1, we covered the cybersecurity risk of working with third parties via reports of various company breaches due to their vendors. In late 2020, the SolarWinds supply‐chain attack news broke. Then, the Vietnamese and Mongolian supply‐chain hacks went public. All of these latest breaches are believed to have been perpetrated by Advanced Persistent Threats (APTs) who spent months performing reconnaissance and leveraging key components to exploit weaknesses in the third‐party due diligence of companies, governments, and individuals.
Advanced Persistent Threats Are the New Danger
The evidence that the SolarWinds attackers used sophisticated means is mounting, with the discovery that a third piece of malware was used in the attack. Named Sunspot, this malware was used in addition to the Sunburst and Teardrop malware already identified. It is believed that Sunspot was the first used in the chain. Amazingly, cybersecurity firm CrowdStrike released information that this malware was first deployed way back in September 2019, when the SolarWinds network was first breached.
It appears that the attackers planted Sunspot on the SolarWinds build server, which was used to construct the software and build the applications they sold. Sunspot was designed to do one thing: observe the build server and watch for commands to assemble the Orion software—the one that was ultimately exploited—which was their ...