ISC StormCast for Tuesday, December 15th 2020
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 15 December 2020
⏱️ 7 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Tuesday, December 15th, 2020 edition of the Sandstone Storm Center's Stormcast. My name is Johannes Ulrich. And today I'm recording from Jacksonville, Florida. |
| 0:13.6 | First of all, sorry for a little hiccup with yesterday's podcast. I re-recorded it to add the Solar Wind story, but apparently the earlier |
| 0:23.5 | version actually was made live initially, so some of the early downloaders may have gotten |
| 0:30.3 | the version without the Solar Wind's story. |
| 0:34.6 | And so let's start with a quick update on Solar Winds. What do we know so far? And |
| 0:40.2 | what actually happened there? Well, appears that SolarWinds, the company that makes this |
| 0:47.0 | network monitoring system, did get compromise. And as a result, the attacker was able to inject malicious code into a critical |
| 0:59.2 | library that is being shipped with Solar Winds or Rhine. And with Fire Eye being one of the victims |
| 1:06.7 | and apparently the company that also tipped off solar winds off this compromise. |
| 1:12.6 | We do have a great blog post by Fire Eye with plenty of indicators of compromise that you can check. |
| 1:21.6 | The compromise apparently did last from March to July of this year and affected our versions 2019.4 through 2020.2.2.1 Hot Fix 1. |
| 1:36.6 | If you are using one of the affected versions, then you likely do have the malicious DLL |
| 1:43.3 | installed. The big question of course is whether or not |
| 1:47.2 | the attacker did take advantage of the malicious DLL. And so far it looks like only very specific |
| 1:55.3 | organizations were actually then compromised using the back door that this DLL implemented. |
| 2:03.6 | End point protection providers are adding signatures for the respective malicious files, |
| 2:09.6 | so you may see some alerts pop up from those systems. |
| 2:14.6 | However, they just focus on the actual compromised solar winds install. |
| 2:21.5 | They don't necessarily detect any kind of additional matter that was installed just in your |
| 2:28.5 | specific organization. So you have to be really careful how you deal with this particular incident. |
| 2:36.1 | Effected Solar Winds installs should be considered as compromised, should probably be removed |
| 2:43.4 | from the network until you have a chance to closely investigate the particular system. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.