The cybersecurity industry was deeply shaken by the Solorigate attack, and its impact is still being felt across the cybersecurity space. Several companies have already started addressing this challenge with their product suites. The attack will have a ripple effect in the upcoming quarters and will strongly influence the service industry market, especially the identity and access management (IAM) service industry. In this blog, we analyze the attack and present some tips on preventing or containing its impact using an IAM toolset.
Attack over SolarWinds vulnerability (Solorigate / Sunburst / Sophisticated Golden SAML attack)
Source of the attack: Trojan code in Orion Software (network monitoring tool) from SolarWinds
Attack vector: Active Directory, and thereby anything on the on-premises network; the attack can extend to services in the cloud or the software supply chain
Impact: According to the New York Times, 250 organizations may have been impacted by this vulnerability
Attack description: With a Trojan inserted into one of the patches for the Orion software in March 2020, hackers could get hold of the domain controller and ADFS (a critical asset of an enterprise) and could compromise the SAML signing certificate. Once this is accomplished, the adversary creates unauthorized but valid tokens and presents them to services that trust SAML tokens from the environment. From there, they can exploit the whole network (both on-premises and cloud).
How it came into the limelight: FireEye, a cybersecurity company, brought this to attention when one of its users was prompted for multi-factor authentication (MFA) registration during a hacker's attempt at lateral movement.
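A detective control for the forged-token step described above, as an added example (not part of the original article and not any vendor's code): it correlates SAML sign-ins accepted by a service against the tokens the identity provider logged as issued. The record fields, the coverage-start parameter and the sample data are constructed assumptions.

```python
from datetime import datetime

# Constructed sample records; field names are assumptions, not a real product schema.
IDP_ISSUED = [  # tokens the federation server (for example ADFS) logged as issued
    {"assertion_id": "_a1", "user": "alice@example.com", "time": "2020-12-01T09:00:05"},
    {"assertion_id": "_b2", "user": "bob@example.com", "time": "2020-12-01T09:10:00"},
]
SP_LOGINS = [  # SAML sign-ins accepted by a service that trusts those tokens
    {"assertion_id": "_a1", "user": "alice@example.com", "time": "2020-12-01T09:00:07"},
    {"assertion_id": "_zz", "user": "admin@example.com", "time": "2020-12-01T09:30:00"},
    {"assertion_id": "_b2", "user": "admin@example.com", "time": "2020-12-01T09:10:02"},
    {"assertion_id": "_old", "user": "carol@example.com", "time": "2020-11-30T23:00:00"},
]


def classify_logins(idp_issued, sp_logins, coverage_start):
    """Return (assertion_id, user, verdict) for every login that cannot be
    tied to a token the identity provider actually issued."""
    issued = {r["assertion_id"]: r for r in idp_issued}
    start = datetime.fromisoformat(coverage_start)  # oldest retained IdP log entry
    findings = []
    for login in sp_logins:
        record = issued.get(login["assertion_id"])
        if record is not None and record["user"] == login["user"]:
            continue  # token matches an issuance record
        if record is not None:
            verdict = "subject-mismatch"    # ID was issued, but to another user
        elif datetime.fromisoformat(login["time"]) < start:
            verdict = "unverifiable"        # predates retained IdP logs
        else:
            verdict = "no-issuance-record"  # validly signed token the IdP never issued
        findings.append((login["assertion_id"], login["user"], verdict))
    return findings


if __name__ == "__main__":
    for finding in classify_logins(IDP_ISSUED, SP_LOGINS, "2020-12-01T00:00:00"):
        print(finding)
```

The "unverifiable" verdict keeps a log-retention gap from being reported as a forged token; those sign-ins need review by other means.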
How can such an attack be mitigated with an IAM toolset
Since identity is the new perimeter, proper implementation of an IAM toolset plays a vital role in preventing or eliminating cyber-attacks against an enterprise. Enterprises must focus on implementing the solution by following the security standards and frameworks offered by industry bodies such as NIST (National Institute of Standards and Technology), CSA (Cloud Security Alliance), NCSA (National Cyber Security Alliance), ISACA (Information Systems Audit and Control Association), Information Systems Security Certification Consortium, Inc. ((ISC)²), etc. We (Wipro), as recognized by leading research and analyst firms such as Gartner, Forrester, IDC, Everest Group, HFS Research, ISG and NelsonHall, are here to partner with you in establishing preventive and detective cybersecurity controls by following the security standards, Zero Trust strategy, Security by Design principles and Defense in Depth practices.
Venkatesh Ampolu
Venkatesh Ampolu is a seasoned IAM practitioner in the Wipro Cybersecurity IAM Consulting team. He has 14+ years of experience delivering various cybersecurity services (consulting, implementation and support) to clients. He can be reached at ampolu.venkatesh@wipro.com.