ExtraHop, the pioneer in cloud-native network detection and response, has released a security report offering an in-depth look at the methods the attackers used to evade detection during the months before the SolarWinds SUNBURST backdoor was discovered.

The report also reveals significant increases in suspicious network activity that went largely ignored due to the privileged and trusted status of SolarWinds within the IT environment. As part of the report, ExtraHop also released an expanded list of over 1,700 SUNBURST indicators of compromise (IOCs) as observed across affected environments protected by Reveal(x), critical information that can help organizations determine if and to what extent they’ve been compromised.

Traditional detection methods

During its own investigation, and through its work with customers to detect and remediate the SUNBURST backdoor, ExtraHop threat researchers found that between late March 2020 and early October 2020, detections of probable malicious activity increased by approximately 150 percent.

[Chart: ExtraHop detections of probable malicious activity, late March 2020 to early October 2020]

These detections, which included lateral movement, privilege escalation, and command-and-control beaconing, evaded the more traditional detection methods such as endpoint detection and response (EDR) and antivirus. Activity patterns outlined in the report indicate that the SUNBURST attackers flew under the radar of these host-based controls either by disabling them or by changing tactics before they could be detected.

Other detection methods

“Unfortunately, what we found when investigating SUNBURST is that the activity was actually detected on the network,” said Jeff Costlow, Deputy CISO, ExtraHop. “But because other detection methods weren’t alerting on the activity, it largely went ignored. In this case, the attack was strategically designed to evade those detections, and we can expect more similar attacks to follow. It’s an important reminder that the network doesn’t lie.”

In addition to shedding new light on how the SUNBURST attackers were able to dwell within the network unchecked for so long, the report delves into several case studies on how ExtraHop customers investigated and remediated the backdoor within their own environments. The case studies include details on how customers used historical network metrics to determine the duration of the compromise, as well as which systems and data may have been affected.
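The two network-side techniques the report relies on, flagging command-and-control beaconing from connection metadata and then using the first observed beacon to bound how long a host was compromised, can be shown in a few dozen lines. The following is an added example, not ExtraHop's code and not taken from the report; it assumes a minimal constructed connection-log format (timestamp, source host, destination host, destination port) as a stand-in for whatever flow or wire metadata a network sensor exports, and the hosts and domains in the sample are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample connection log (not real data): "timestamp src dst dst_port".
# ws-042 calls c2.example every ~10 minutes with a few seconds of jitter;
# ws-017 talks to an internal file server at irregular, human-driven times.
SAMPLE_LOG = """\
2020-04-01T08:00:03Z ws-042 c2.example 443
2020-04-01T08:02:10Z ws-017 fileserver.internal 445
2020-04-01T08:03:45Z ws-017 fileserver.internal 445
2020-04-01T08:10:07Z ws-042 c2.example 443
2020-04-01T08:15:00Z ws-042 updates.internal 80
2020-04-01T08:20:01Z ws-042 c2.example 443
2020-04-01T08:30:00Z ws-017 fileserver.internal 445
2020-04-01T08:30:05Z ws-042 c2.example 443
2020-04-01T08:31:12Z ws-017 fileserver.internal 445
2020-04-01T08:40:09Z ws-042 c2.example 443
2020-04-01T08:49:58Z ws-042 c2.example 443
2020-04-01T08:55:00Z ws-042 updates.internal 80
2020-04-01T09:00:04Z ws-042 c2.example 443
2020-04-01T09:05:40Z ws-017 fileserver.internal 445
2020-04-01T09:06:00Z ws-017 fileserver.internal 445
2020-04-01T09:10:02Z ws-042 c2.example 443
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, src, dst, port) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst, int(port)))
    return records


def find_beacons(records, min_conns=5, max_cv=0.1):
    """Flag (src, dst) pairs whose connection inter-arrival times are near-constant.

    Implants that call home on a timer (usually with a little jitter) produce gaps
    between connections with a small coefficient of variation (stdev / mean).
    Human and bulk traffic is bursty, with a CV well above the threshold.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _port in records:
        by_pair[(src, dst)].append(ts)

    hits = []
    for (src, dst), times in by_pair.items():
        if len(times) < max(min_conns, 2):
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            hits.append({
                "src": src, "dst": dst, "count": len(times),
                "mean_interval_s": avg, "cv": cv,
                "first_seen": times[0], "last_seen": times[-1],
            })
    return sorted(hits, key=lambda h: h["cv"])


def dwell_lower_bound(beacon):
    """Span between first and last observed beacon: a floor on how long the host was compromised."""
    return beacon["last_seen"] - beacon["first_seen"]


if __name__ == "__main__":
    for b in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{b['src']} -> {b['dst']}: {b['count']} connections every "
              f"~{b['mean_interval_s']:.0f}s (cv={b['cv']:.3f}); "
              f"first seen {b['first_seen']}, dwell >= {dwell_lower_bound(b)}")
```

The CV threshold and minimum connection count are the knobs that trade false positives (legitimate schedulers, NTP, health checks) against missed long-interval beacons; in practice the flagged pairs are triaged against an allowlist of known periodic services. Note that the first observed beacon is only a lower bound on dwell time: it is bounded by how far back the retained network metadata goes, which is why the report's case studies lean on historical metrics.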
