SolarWinds Cyberattack | UPSC

      HEADLINES:

How the SolarWinds cyberattack has hit Microsoft

      WHY IN NEWS:

Microsoft has not confirmed what source code was accessed by the hackers.

SYLLABUS COVERED: GS 3: Cyber Attack

      ISSUE: 

However, the fact that the hackers got in so deep is quite worrying, given source code is crucial to how any piece of software works.

SOLARWINDS CYBERATTACK : MICROSOFT

NAMING

  • The target of the cyberattack was Orion, software supplied by the company SolarWinds.
  • As part of its ongoing investigations into the SolarWinds cyberattack, Microsoft has revealed that its internal source code was likely accessed by the attackers.

MALWARE REVEALED

Meanwhile, FireEye, which discovered the attack, has revealed details about the Sunburst malware.

  • The malware exploited the SolarWinds Orion software, which is used by thousands of companies, including several US government agencies.
  • According to FireEye, Sunburst, a malicious version of a digitally signed SolarWinds Orion plugin, contains a backdoor that communicates via HTTP to third-party servers.

HOW MALWARE WORKS?

  • It appears that the plugin remains inactive for a “dormant period of up to two weeks”, after which it starts executing commands and carrying out tasks such as “transfer of files, execute files, profile the system, reboot the system, and disable system services”.

  • It also appears that the malware “performs numerous checks to ensure no analysis tools are present”.

TARGET

  • The company had earlier confirmed that it too was compromised in what is being seen as one of the world’s largest cyberattacks, which primarily targeted the United States (US) government and several other private organisations.
  • The SolarWinds cyberattack was first revealed in December by cyber-security firm FireEye.
  • We take a look at what Microsoft’s latest investigation has revealed, and what it means.

WHAT HAS MICROSOFT REVEALED IN ITS NEW INVESTIGATIONS?

  • Microsoft’s internal security research team has found evidence that the attackers accessed some internal source code in the company’s systems.
  • The ‘Solorigate incident’ as Microsoft has termed it in the blog, showed there were “attempted activities beyond just the presence of malicious SolarWinds code in our environment.”

The company says so far the investigation confirmed no changes were made to this source code.

  • These accounts were investigated and remediated.

WHAT IS SOURCE CODE?

  • Microsoft has not confirmed what source code was accessed by the hackers.
  • However, the fact that the hackers got in so deep is quite worrying, given source code is crucial to how any piece of software works.

Source code is the key to how a software product is built and if compromised could leave it open to new, unknown risks.

  • Hackers could use this information to exploit any potential weakness in the programmes.
  • Microsoft says “this activity has not put at risk the security of our services or any customer data”.
  • The company says that there’s no evidence that its systems were used to attack others.

      IASbhai WINDUP: 

  • This cautious approach is what helped the malware “evade detection by anti-virus software and forensic investigators for seven months after its introduction to the SolarWinds Orion supply chain”.
     SOURCES:    IE   | SolarWinds Cyberattack | UPSC

 
