"After careful consideration of available information and consultation with interagency partners, Acting Secretary of Homeland Security Elaine Duke today issued a Binding Operational Directive (BOD) directing Federal Executive Branch departments and agencies to ... identify any use or presence of Kaspersky products on their information systems in the next 30 days, to develop detailed plans to remove and discontinue present and future use of the products in the next 60 days, and at 90 days from the date of this directive, unless directed otherwise by DHS based on new information, to begin to implement the agency plans to discontinue use and remove the products from information systems," DHS said in a press release today.
The statute expands a Trump administration order issued in September for executive branch agencies to remove Kaspersky products from their computers within 90 days (see Kaspersky Software Ordered Removed From US Gov't Computers).
Kaspersky 90 Days Key
The company is primarily focusing on its smaller partners, and Gerentine said that event the smallest of its partners will be considered, particularly in the case of newer solution provider who have high potential for growth. Coming out of the meeting, partners will have check-ins with the IBM or distributor resources, and key milestones to address at 30, 60, and 90 days after the session.
Over the next several years, ransomware authors experimented with different models of extorting money from victims, including fake antivirus scans, which locked the user's computer and posted a warning on the screen requiring the user to call to "activate" the antivirus license. This evolved into law-enforcement-themed locker ransomware, which locked the victim's computer and posted a notice from law enforcement that accused the user of downloading pirated data or viewing pornography. The victim was told to "pay a fine" in order to have the computer unlocked. "[I]n the early days, attackers tricked victims into downloading fake tools to fix computer issues," wrote Symantec researchers. "Eventually, it dropped any pretense of being a helpful tool to just displaying a blatant request for payment to restore access to the computer."3
The first known SolarWinds Orion update containing the SUNBURST backdoor was "SolarWinds-Core-v2019.4.5220-Hotfix5.msp" (02af7cec58b9a5da1c542b5a32151ba1), which was signed on March 24. This hotfix was released publicly on March 26, according to SolarWind's Orion Platform Hotfix Release Notes. Both these dates are well before April 4, but the SUNBURST code was actually hardcoded not to start until at least 288 hours (12 days) have passed since the executing assembly was written to disk (it actually picks a random wait interval between 288 and 336 hours).
I later learned that what seemed to be truncated domains were actually fragmented domains, where long domain names would be split into multiple queries. This revelation turns the output from RedDrip's python tool into an interesting domain name puzzle. At this point I decided to take a closer look at the malicious SolarWinds update I had downloaded from SolarWind's website a few days ago -- yes, that's right the malicious software update "SolarWinds-Core-v2019.4.5220-Hotfix5.msp" (MD5: 02af7cec58b9a5da1c542b5a32151ba1) was actually available for download from SolarWinds' website long after they had been notified about their software being backdoored!
Dubai, UAE, February 25, 2022: Proofpoint, Inc., a leading cybersecurity and compliance company, today released its 2022 Cost of Insider Threats Global Report to identify the costs and trends associated with negligent, compromised, and malicious insiders. Notably, on average, impacted organisations spent $15.4 million annually on overall insider threat remediation and took 85 days to contain each incident.
Twenty years ago, a typical consumer had only one password, for email, and it was likely the same four-digit number as his or her bank account PIN. Today, online users create a new account every few days, it seems, each requiring a complex password: to access corporate information, purchase socks, pay utility bills, check investments, register to run a 10K, or simply log into a work email system. By 2020, some predict, each user will have 200 online accounts, each requiring a unique password.4 According to a recent survey, 46 percent of respondents already have 10 or more passwords.5 2ff7e9595c
Comments