Chainkit CEO Val Bercovici On What You Need To Know About The Solarwinds Breach
Check Below for links and additional information mentioned in this episode!
There have been some very high profile hacks in the news lately. Some of these have even been hacks of security vendors themselves, from Microsoft to FireEye, but perhaps one of the most disturbing was the recent SolarWinds hack that we are just starting to come to grips with. If you are not familiar with the details of this attack, you need to be. Today we are going to talk security so buckle in.
The scope of the recent Solarwinds hack is massive and the true depth of this attack is still being discovered. This is one of many disturbing recent security breaches. Businesses are being faced with trying to defend from a myriad of attacks that are growing more persistent and sophisticated every day. They are constantly trying to guard against everything from data exfiltration to ransomware attacks, and more insidious data manipulation attacks, but how do you do this if you can’t trust the information you are working with?
Today we have with us Val Bercovici founder and CEO of Chainkit, a company that is working to build chains of custody to simplify trust in the world’s information. He is here to tell us how establishing chains of custody around data can help to identify and protect against attacks. Val is going to help us make sense of what has been going on.
eXtended Integrity Monitoring (XIM) white paper: https://chainkit.com/xim-whitepaper This is a great primer on our technology, the why, how, and the 6 design principles that uniquely address the challenges of safeguarding data in the 21st century.
Schedule a demo: https://chainkit.com/schedule-demo
CISA Alert (https://us-cert.cisa.gov/ncas/alerts/aa20-352a) for practitioners of CISA Emergency Directive
CISA Emergency Directive Jan 19 & 25, 2021 reporting deadlines: https://cyber.dhs.gov/ed/21-01/#supplemental-guidance-v3
CISA Insight for Leaders (section 3b): https://www.cisa.gov/sites/default/files/publications/CISA%20Insights%20-%20What%20Every%20Leader%20Needs%20to%20Know%20About%20the%20Ongoing%20APT%20Cyber%20Activity%20-%20FINAL_508.pdf
60+ references by CISA to Volexity (Dark Halo) Research Report: https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
Top Conclusion from Volexity Report:
Volexity believes that Dark Halo is a sophisticated threat actor based on the following characteristics of their attacks:
Generally, the attacker displayed a reasonable level of operational security throughout the attack, taking steps to wipe logs for various services used and to remove evidence of their commands from infected systems.
Additional explicit CISA Requirement for SolarWinds customers:
(h) Configuring logging to ensure that all logs on the host operating system and SolarWinds platform are being captured and stored for at least 180 days.
(j) Configure logging to ensure that all logs from the host OS, SolarWinds platform, and associated network logs are being captured and stored for at least 180 days in a separate, centralized log aggregation capability.