Many US government agencies, including the US Treasury and the Commerce Department’s National Telecommunications and Information Administration (NTIA), and several enterprises were targeted in a highly sophisticated and evasive cyber-attack through a flaw in the supply chain of SolarWinds. The massive cyber espionage campaign, now dubbed Solorigate, has rattled governments and large companies alike because of its scale and complexity: the attack leveraged the trust placed in a reputed company, and the malicious code blended into legitimate code well enough to let the attackers stay undetected for a long time.
In this article, let us dissect the Solorigate campaign, and understand how Microsoft 365 Defender can protect you against such cyber-attacks.
What is Solorigate?
Software for Windows uses DLL (dynamic link library) files, which contain code for commonly used program functions. In the Solorigate campaign, hackers managed to add a few benign-looking lines of malicious code, called a backdoor, to the SolarWinds Orion Platform DLL, which allowed them to monitor the internal traffic of companies and agencies using the widely used IT administration software.
The backdoor code allows hackers to read, write, and enumerate files and registry keys, collect and upload device information, and gain control of privileged access and data.
How to Protect Against Solorigate Type Cyber Attacks?
Here are some steps that you can take to improve your cybersecurity posture against such attacks.
- Regardless of how malicious an attacker is, anomalies can always be detected. Organizations and individuals have to thoroughly monitor their environments at all times.
- Although Solorigate was probably intended for US government agencies, several private companies were also compromised, indicating the extent of collateral damage that such attacks can cause. Consequently, individuals have to proactively take responsibility for their data security.
- Security has to be extended to all levels, starting from source code repositories, tools, and environments, to the third-party software integrations, across the entire infrastructure.
- Guard against alert fatigue, and enable threat intelligence sharing, so that users can be collectively warned.
How Can Microsoft Protect Against Malicious Cyber Attacks?
Although the Solorigate incident is a grim reminder of how vulnerable even the most secure organizations are to well-orchestrated cyber-attacks, the comprehensive range of products and services by Microsoft can improve the security posture against such attacks.
- Microsoft Defender Antivirus, the default antimalware solution on Windows 10 machines, can detect, block, and quarantine malware files.
- Microsoft Defender for Endpoint helps in detecting abnormal activities and artifacts related to Solorigate on a wide range of platforms including Mac, Linux servers, and Android, apart from Windows machines, and provides remediation tools to investigate and harden endpoint defense.
- Microsoft 365 Defender brings together the entire Microsoft 365 security portfolio, which extends beyond endpoints to identities, data, and cloud apps, to deliver a coordinated defense against such complex cross-domain attacks using Artificial Intelligence and other cutting-edge technologies.
Apps4Rent Can Help with Microsoft Security Solutions
The only way of protecting data and users against increasingly complex cyber-attacks such as the recent Solorigate incident is by hardening networks, reducing the available attack surfaces, deploying strong preventative protection, and enabling early detection. While several cybersecurity solutions can provide varying levels of protection, not many can match the comprehensive portfolio of products and services offered by Microsoft.
As a Tier 1 Microsoft CSP, Apps4Rent can provide and configure Microsoft 365 plans to protect your organization from cyber-attacks. We can even help you deploy your workloads in Azure Windows Virtual Desktop with Windows 10 that is protected by Microsoft Defender Antivirus, and help you with appropriate Azure plans that can enhance identity protection. Contact Apps4Rent cloud experts, available 24/7 via phone, chat, and email for Microsoft 365/Office 365 assistance.