
Avoid a Supply Chain Attack like SolarWinds Orion? This is the solution.
One of the biggest hacks ever, the Supply Chain Attack on the SolarWinds Orion platform, could have been prevented. The solution for the business community, (semi-)governmental authorities and secret services: ZoneZero SDP
In 2020 one of the biggest cyber attacks in the world took place: an attack exploiting a vulnerability in the SolarWinds Orion Platform was discovered. Hackers were able to compromise one of the DLL files of the Orion platform with their malicious code. This allowed them to connect to command and control (C2) servers, enabling them to issue remote attack commands themselves. This approach allowed them to penetrate the victims' networks unseen and to continue their activities for a long time. This is, of course, a shortened version of how the cyber attack actually took place.
Among those affected were many government organisations and vital sectors, so the impact of the hack could literally have cost lives. Suppliers such as FireEye and Microsoft launched an in-depth investigation to prevent such a cyber attack in the future. In this blog you can read more about how the hackers acted and how such cyber attacks can be prevented in a very simple way.
How the hackers acted in this cyber attack
After the hackers had gained access through one of the DLL files, they could reach their command and control (C2) servers. This made it possible to carry out attack commands themselves. They then obtained privilege escalation and continued their mission to steal data. With these lateral movement attacks they crisscrossed the network, scanning all layers and obtaining sensitive data.
This Supply Chain Attack could have been prevented
There is no doubt that the lateral movement attack on SolarWinds Orion could have been prevented. On the first attempted remote PowerShell command, all the alarm bells in the IT department should have been ringing loud and clear.
FireEye shows that the lateral movement attack was carried out via PowerShell Remote Task Creation. The large-scale use of PowerShell within organisations' networks makes it even more attractive for hackers to carry out such an attack, as all they need is access to the servers, which are easily reachable via other accounts. No two-step authentication (2FA) is required, i.e. once inside means: 'go ahead undisturbed'.
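As an added illustration (not part of the original post and not ZoneZero code), the following Python detector correlates two Windows Security events to surface the pattern described above: a network logon (event 4624, logon type 3) followed by a scheduled task creation (event 4698) from the same logon session whose action runs PowerShell. The event lines are constructed samples in a flattened key=value format, not real telemetry; the host names, account names and addresses are made up.

```python
import re

# Constructed sample events (not real telemetry). Windows Security events are
# flattened to "<timestamp> <EventID> key=value ..." lines for this example:
#   4624 = an account was logged on (LogonType 3 = network logon)
#   4698 = a scheduled task was created
SAMPLE_EVENTS = r"""
2020-12-01T10:00:01 4624 LogonId=0x3e7 LogonType=2 Account=admin Host=SRV01
2020-12-01T10:05:10 4624 LogonId=0x5a21 LogonType=3 Account=svc_orion Host=SRV01 Source=10.0.0.15
2020-12-01T10:05:12 4698 LogonId=0x5a21 Account=svc_orion Host=SRV01 Task=\Updater Command=powershell.exe -NoProfile -File C:\temp\update.ps1
2020-12-01T10:07:00 4698 LogonId=0x3e7 Account=admin Host=SRV01 Task=\Backup Command=C:\backup\run.bat
"""

# key=value pairs; a value runs until the next " key=" or end of line
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")

def parse_event(line):
    """Split one flattened event line into a dict of its fields."""
    ts, event_id, rest = line.split(" ", 2)
    fields = dict(FIELD_RE.findall(rest))
    fields["ts"] = ts
    fields["id"] = int(event_id)
    return fields

def find_remote_powershell_tasks(events_text):
    """Flag scheduled tasks that run PowerShell and were created from a
    session that began as a network (remote) logon: remote task creation."""
    network_logons = {}  # LogonId -> source address of the remote logon
    hits = []
    for line in events_text.strip().splitlines():
        ev = parse_event(line)
        if ev["id"] == 4624 and ev.get("LogonType") == "3":
            network_logons[ev.get("LogonId")] = ev.get("Source", "unknown")
        elif ev["id"] == 4698 and ev.get("LogonId") in network_logons:
            command = ev.get("Command", "")
            if "powershell" in command.lower():
                hits.append({
                    "ts": ev["ts"],
                    "host": ev.get("Host"),
                    "account": ev.get("Account"),
                    "source": network_logons[ev["LogonId"]],
                    "task": ev.get("Task"),
                    "command": command,
                })
    return hits

if __name__ == "__main__":
    for hit in find_remote_powershell_tasks(SAMPLE_EVENTS):
        print(f"ALERT {hit['ts']} {hit['host']}: {hit['account']} from "
              f"{hit['source']} created task {hit['task']} -> {hit['command']}")
```

The interactive admin session that schedules a batch file is left alone; only the remotely created PowerShell task is reported.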
"We need to understand vulnerabilities and adopt a different approach to prevent a Supply Chain Attack. Namely, controlling and securing internal processes to keep hackers out. Keeping the SolarWinds software up-to-date is really no longer enough in this day and age. Is your organisation already able to withstand a zero-day attack?"
The solution is obvious: Multi-Factor Authentication
Multi-Factor Authentication is the key with which you literally lock all doors properly. This prevents an attacker who has entered your network from moving sideways (laterally) through your network (ZoneZero SDP, 2020).
By adding Multi-Factor Authentication (MFA) to every system, server and application in the network, you create an extra layer of authorisation. When the hacker wants to access a server and execute a PowerShell command, authorisation is requested every time, for example in the form of an SMS code. If this MFA prompt is not answered, the command is not executed.
Prevent a Supply Chain Attack with Zero Trust Network Access
TerraZone has developed a centralised MFA solution that makes it easy to avoid a Supply Chain Attack. 'ZoneZero MFA' can be added to systems, servers, data and applications. This component of Zero Trust Network Access (ZTNA) provides enhanced and continuous user authentication. It allows users to easily integrate MFA (e.g. SMS, Push Messaging, Biometrics, Telegram, WhatsApp, REST API) and identity awareness. This covers all access scenarios for internal and external users, VPNs and (non-)web-based applications.
The customer-focused approach of authentication providers often poses integration and maintenance challenges. In addition, non-web-based applications are not necessarily compatible with MFA. ZoneZero provides a modular solution where you purchase the components yourself. This way you create a ZTNA IT environment without dependence on software packages.
Advantages of ZoneZero Perimeter Access Orchestration platform:
- Simple solution to critical security issues
- No dependence on software packages
- Upgrade Two-Factor Authentication to true Multi-Factor Authentication
- Existing VPN applications can remain in place; you don't need to purchase new VPNs to reach ZTNA
- No additional specific knowledge is required to use the product
- Centralised approach, no integration on the user side
- Add MFA capabilities to applications, own services, RDP, file shares, SSH, SFTP, VMware, etc.
- Built-in MFA or integration with 3rd-party MFA software/IdPs (e.g. SMS, push messages, biometrics, Telegram, WhatsApp, REST API)
- Access control policies for internal and external users
Research proves the effectiveness of ZoneZero MFA
ZoneZero MFA is part of the ZoneZero Perimeter Access Orchestration platform. This ensures central management of all secure access technologies and enables organisations to reach Zero Trust Network Access. Safe-T, FireEye and Microsoft have investigated the operation of this method and determined that ZoneZero MFA is your best chance of keeping hackers out and preventing a Supply Chain Attack.
Cost & Delivery time
Order your ZoneZero MFA solution right away. We deliver within 5 days. The ZoneZero MFA solution is suitable for any network.