Ivanti Insights Podcast - FireEye Breach
1 like225 views
The document discusses the investigation of the FireEye breach, revealing it is part of a more extensive SolarWinds breach affecting around 18,000 entities globally. A backdoor in SolarWinds Orion was exploited by sophisticated threat actors, highlighting vulnerabilities in cybersecurity defenses. It emphasizes the need for strong cybersecurity programs that anticipate incidents and adapt based on evolving threats.
Ivanti Insights Podcast - FireEye Breach
- 1. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Chris Goettl / Phil Richards Hosted by Adrian Vernon DECEMBER 16, 2020 FireEye Breach Investigation Uncovers Much Larger SolarWinds Breach
- 2. Copyright © 2020 Ivanti. All rights reserved. Situation Analysis Recommendations Exploit Type: Exposure: Attack Vectors:Impact: Vendor Risk Management Endpoint Detection and Response FireEye is an organization well equipped to investigate a security breach. It is no surprise that the cybersecurity firm quickly found how the attackers gained entry and what they compromised. The scope of the true incident is surprising. The source of the attack was found to be a backdoor introduced into SolarWinds Orion which may have been downloaded by as many as 18,000 entities globally. Ransomware FireEye Breach Part of a Larger Incident 25 Confirmed entities victimized by SolarWinds backdoor Data Theft SolarWinds Orion Trojan Continuous Vulnerability Management Red Team Exercises Emergency Response Planning Data Protection
- 3. Copyright © 2020 Ivanti. All rights reserved. 1.CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 10.0 2.CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 10.0 3.CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN - CVSS 9.8 4.CVE-2018-15961 – RCE via Adobe ColdFusion (arbitrary file upload that can be used to upload a JSP web shell) - CVSS 9.8 5.CVE-2019-0604 – RCE for Microsoft Sharepoint - CVSS 9.8 6.CVE-2019-0708 – RCE of Windows Remote Desktop Services (RDS) - CVSS 9.8 7.CVE-2019-11580 - Atlassian Crowd Remote Code Execution - CVSS 9.8 8.CVE-2019-19781 – RCE of Citrix Application Delivery Controller and Citrix Gateway - CVSS 9.8 9.CVE-2020-10189 – RCE for ZoHo ManageEngine Desktop Central - CVSS 9.8 10.CVE-2014-1812 – Windows Local Privilege Escalation - CVSS 9.0 11.CVE-2019-3398 – Confluence Authenticated Remote Code Execution - CVSS 8.8 12.CVE-2020-0688 – Remote Command Execution in Microsoft Exchange - CVSS 8.8 13.CVE-2016-0167 – local privilege escalation on older versions of Microsoft Windows - CVSS 7.8 14.CVE-2017-11774 – RCE in Microsoft Outlook via crafted document execution (phishing) - CVSS 7.8 15.CVE-2018-8581 - Microsoft Exchange Server escalation of privileges - CVSS 7.4 16.CVE-2019-8394 – arbitrary pre-auth file upload to ZoHo ManageEngine ServiceDesk Plus - CVSS 6.5 What was stolen from FireEye?
- 4. Copyright © 2020 Ivanti. All rights reserved. If a top cybersecurity firm can be breached what chance do we stand? • First and most important, there is no 100% in cybersecurity. There is always going to be the next threat, the next exploit, the next zero day. • FireEye and SolarWinds were targeted by a well-funded, sophisticated, and persistent nation state threat actor with top-tier offensive capabilities. A strong cybersecurity program: • is about identifying and mitigating risk. • understands that no defense is perfect, and uses defense in depth. • assumes incidents will occur and plans to respond. • is always evolving and adapting based on real world attacks and information. • uses well-known security frameworks
- 5. Copyright © 2020 Ivanti. All rights reserved. Prioritizing for 2021 • FireEye Breach CVE List • NSA Top 25 CVEs targeted by Chinese State-Sponsored Actors • DHS CISA Top 10 Routinely Exploited Vulnerabilities • Gartner Top 10 Security Projects for 2021 • Coveware Ransomware Trends • Verizon Data Breach Investigations Report Footer
- 6. Copyright © 2020 Ivanti. All rights reserved. See you in January, 2021 as we launch the Ivanti Insights podcast series! Thank You!