The Massive SolarWinds Hack Explained in Context

Join my community at JohnCoogan.com (enter your email)
The SolarWinds hack has been extremely interesting to dive into and I’m sure I’ve barely scratched the surface. I’m sure we’ll learn a lot more about exactly who is responsible for it and how they pulled it off in the coming months. It will probably even make for an incredible movie or documentary one day. If you noticed any factual inaccuracies in this video, please comment below with links to sources and I will pin the comment so future viewers are aware.
Key Sources:
Microsoft Analysis: www.microsoft.com/security/bl...
FireEye Analysis: www.fireeye.com/blog/threat-r...
SolarWinds KZread Playlist: • SolarWinds
You can get in touch with me via Twitter: / johncoogan
Disclaimer: This video is purely my opinion and should not be regarded as a primary source. I am not a financial advisor and this is not a recommendation to buy or sell securities. Always do your own due diligence.

Comments: 90

  • @GarryTan · 3 years ago

    Another great vid John 👌

  • @JohnCooganPlus · 3 years ago

    Thanks a ton Garry! Little bit better each week, that's the goal.

  • @mattyarbrough9168 · 3 years ago

    I get this question a lot from business folks. Outstanding job John on describing a complex cybersecurity incident in an entertaining and interesting way!

  • @JohnCooganPlus · 3 years ago

    Glad you liked it! It’s such a wild story!

  • @jackditto288 · 3 years ago

    Great video, I subscribed. Keep making videos this high quality and you're sure to grow this channel.

  • @JohnCooganPlus · 3 years ago

    Thanks a ton Jack! That means a lot! It's been really fun making these, hopefully I can just keep improving a little bit each week.

  • @arunkaruppiah3543 · 3 years ago

    Thanks for this informative video :) Actually, I'm currently doing a project which seeks to understand more about the SolarWinds hack and how it can impact a business environment. My takeaways, the characteristics of the SUNBURST backdoor:
    1) Lies dormant for 2 weeks.
    2) Checks that there are no running processes related to security software (example: Wireshark).
    3) Only steals minute amounts of data at a time. Also, the data that is stolen is encrypted and encapsulated within legitimate data. In this way, network monitoring software won't flag these packets, as they represent so-called normal analytics traffic.
    Also, thanks for compiling the KZread playlist to further understand the SolarWinds hack :)

  • @JohnCooganPlus · 3 years ago

    So glad you liked it! There are so many interesting details to this story. Unfortunately it's a bit too technical to really get traction in the mainstream press, but I think it's a super important story.

  • @jpierce2l33t · 2 years ago

    Thanks so much for this, and listing the sources as well! I just got back into cybersecurity, and have been researching this both for my own interests, and because I was asked to be a guest on a podcast discussing this matter. I definitely can understand and follow along, but my skills aren't APT level...yet 🤣. I'll be sure to name you in my sources!

  • @GiulianoGiacaglia · 3 years ago

    Great video John! Always making really good videos!

  • @JohnCooganPlus · 3 years ago

    Thanks a bunch!

  • @MrGatsby10 · 3 years ago

    Great explanation and use of infographics and reference material.

  • @JohnCooganPlus · 3 years ago

    Thanks a lot!

  • @alslider · 3 years ago

    Very nice video. You should go into technicalities of the hack. I would binge that :).

  • @JohnCooganPlus · 3 years ago

    Definitely check out the amazing work by Colin Hardy: kzread.info/dash/bejne/n5Z7sJOxodyXmrw.html - his whole channel is really solid: kzread.info/dron/ND1KVdVt8A580SjdaS4cZg.html

  • @XedGeneral · 3 years ago

    And Merry Christmas!

  • @thefreedom111 · 3 years ago

    High quality explanation. First time I understood what they meant by the SolarWinds hack.

  • @JohnCooganPlus · 3 years ago

    That’s great to hear. Glad this helped!

  • @XedGeneral · 3 years ago

    Thank you John, very well said. People remain the weakest link, and corporations should take note to train their employees (and also keep them satisfied reasonably!)

  • @JohnCooganPlus · 3 years ago

    Yes, it always comes down to the humans.

  • @JohnCooganPlus · 3 years ago

    @@nur-azhar Unfortunately, Oracle isn’t an instant solution to this. The hack runs at a very low level within the systems it infects, so it wouldn’t really matter what database you were using; as long as the infected machine had access to that database, you’re out of luck. Oracle certainly takes security very seriously, so it might be unlikely that a direct attack on your database would succeed. But because SolarWinds Orion has to see network traffic to work, anything that travels across the network once it’s infected is up for grabs. The only real solution is to clean out any machines infected with SUNBURST.

  • @syphaxxxxx · 3 years ago

    Thank you for the information. I'm preparing for my master's thesis about "The effectiveness of US security systems in the face of cyber threats, case study: SolarWinds attack". I want to know if the name of the case study part is right, or do you suggest any changes? I accept any help with that. Also, if you have any websites or articles about this attack, I will be thankful for your help :)

  • @JohnCooganPlus · 3 years ago

    The name sounds good! I have a few links in the description, as well as a KZread playlist with other videos covering the hack. There is a lot more info out there now, so be sure to find the latest sources.

  • @rjk1404 · 2 years ago

    As the development of digital life moves on, and therefore the specialization of IT support and development is increasingly diversifying, having a focus on supply chain attacks becomes more and more crucial in companies' IT security...

  • @BunaDimineata · 3 years ago

    Merry Christmas

  • @AkshayLulla · 3 years ago

    Very well explained, thank you!

  • @JohnCooganPlus · 3 years ago

    You’re welcome!

  • @cristianmorar5558 · 3 years ago

    Nice analysis

  • @andreelyusef3235 · 2 years ago

    Great video sir!!

  • @Sunstrider._ · 3 years ago

    Good video and explanation man.

  • @JohnCooganPlus · 3 years ago

    Thanks!

  • @edt11x · 3 years ago

    Really good explanation of the hack!

  • @JohnCooganPlus · 3 years ago

    Thanks a lot! Glad you enjoyed it!

  • @thedude6810 · 3 years ago

    Great analysis!

  • @JohnCooganPlus · 3 years ago

    Thanks dude!

  • @mattsilver1121 · 3 years ago

    Programmers are not the same thing as hackers. Totally different. All hackers can program, few programmers can hack.

  • @JohnCooganPlus · 3 years ago

    Very well said.

  • @ALTINSEA1 · 3 years ago

    All hackers can program? Script kiddies?

  • @jimgetz2898 · 3 years ago

    Where can I buy one of those coolers?

  • @4cupsx01 · 3 years ago

    Great narration

  • @JohnCooganPlus · 3 years ago

    Thanks a lot!

  • @thelitepredator · 3 years ago

    LOVE THIS THANK YOU

  • @JohnCooganPlus · 3 years ago

    You're welcome! Glad you enjoyed it!

  • @candelariacidpaolino6430 · 3 years ago

    Great and informative video!

  • @JohnCooganPlus · 3 years ago

    Glad you enjoyed it!

  • @angy97 · 3 years ago

    Company restructuring after being sold, plus possible IT outsourcing to cut costs, could lead to this kind of thing happening.

  • @JohnCooganPlus · 3 years ago

    Yeah, I feel like if you had a bunch of genius hackers running the company who were just obsessed with security above all else, it probably could have been avoided. A company in this situation probably sees security as a cost center.

  • @M0aad · 3 years ago

    Amazing content! Great effort, thank you 😊 Subscribing now.

  • @JohnCooganPlus · 3 years ago

    Thanks a lot! I post new videos every week, hope you enjoy them!

  • @SP800.69 · 2 years ago

    Great video.

  • @Uchirai · 11 months ago

    Great video

  • @tomwetherell389 · 3 years ago

    Really good video, thanks a lot.

  • @JohnCooganPlus · 3 years ago

    Glad to hear you liked it!

  • @aaront7247 · 3 years ago

    Just subscribed, this is amazing.

  • @JohnCooganPlus · 3 years ago

    Thanks a ton! Hope you like the channel. I’m always open to feedback (both positive and negative) here or via Twitter DM. Aiming to put out a lot more content like this. Super fun making this video.

  • @prakash_77 · 3 years ago

    Great video!

  • @JohnCooganPlus · 3 years ago

    Thanks!

  • @dustinclark2176 · 3 years ago

    Helpful, thank you

  • @JohnCooganPlus · 3 years ago

    No problem!

  • @TheConDog97 · 3 years ago

    Good stuff

  • @JohnCooganPlus · 3 years ago

    Thanks!

  • @johnfarmer3506 · 3 years ago

    Still a lot of unanswered questions. For instance, if a company had their data encrypted, would this hack have been able to take that data?

  • @JohnCooganPlus · 3 years ago

    Yeah, if the data was encrypted before passing through a hacked machine, then it’s probably fine. The problem is that networks that run SolarWinds Orion tend to deploy the software fairly broadly, and we still don’t know if the hack was able to spread from machine to machine.

  • @johnfarmer3506 · 3 years ago

    @@JohnCooganPlus Thanks for the info. Remember, always use PGP for encryption. According to Snowden, the NSA uses it, so they don't develop exploits that could break the encryption keys. Also, on another point, if it ends up that these are the same guys responsible for several hacks, how long until they get hacked? Or have they been hacked already? And if that is the case, then who would be responsible for a hacked thermonuclear explosion?

  • @JohnCooganPlus · 3 years ago

    @@johnfarmer3506 That’s another risk. Fortunately, it looks like everyone is patching systems and shoring up security now!

  • @johnfarmer3506 · 3 years ago

    @@JohnCooganPlus Until this or another group of hackers finds another way to exploit a system. Let's hope that the state sponsors of hacking can keep their security 100% foolproof, or is that an impossibility?

  • @LucianC137 · 2 years ago

    Dude, you have 1.7k subs, how did you get the verified checkmark?

  • @JohnCooganPlus · 2 years ago

    Hahah, long story, but basically I was verified on Google Plus like 10 years ago and it transferred over.

  • @theD2 · 3 years ago

    Why does this video have only 3k views? It should be in the millions. Keep making videos. You could also start a series of episodes in which you explain these hacks in detail: en.wikipedia.org/wiki/List_of_security_hacking_incidents

  • @JohnCooganPlus · 3 years ago

    Wow, that means a lot coming from someone with a Linux profile photo. I'm not an infosec guy by profession, it's just a minor hobby. Really glad that you enjoyed the video! I'll definitely be doing more coverage of hacks. There really isn't that much content out there about security breaches. It's all either very high level ("hack happened, stock went down") or super technical ("watch me tinker with the binary for an hour") lol

  • @theD2 · 3 years ago

    @@JohnCooganPlus Good luck! Btw, it's not just a Linux profile photo. I AM a Linux admin, since 2016 :)

  • @JohnCooganPlus · 3 years ago

    @@theD2 Huge flex! 💪

  • @ruondyousee · 1 year ago

    🎉🎉

  • @gmiranda01 · 3 years ago

    The ones (executives) who need to get more serious about the subject only blame others and don’t take responsibility. If processes aren’t built beginning at the top level, how are you supposed to set an example for staff members?

  • @JohnCooganPlus · 3 years ago

    Yes, I think it's extremely important to have highly technical people in positions of power at large tech companies. It's very dangerous when the expert who actually understands the technology is 3 layers down from the CEO and everything he says gets filtered through a series of business-focused summaries.

  • @lancemarchetti8673 · 4 months ago

    I don't want to add a thumbs up to your video because it's on a magical lucky number 777...lol

  • @MulunaLewi · 3 years ago

    Israel

  • @JohnCooganPlus · 3 years ago

    No evidence that they are involved in SolarWinds...