The lessons from the massive cyber attack that befell US IT management solutions provider SolarWinds continue to reverberate more than two years after it happened, serving as a warning that organisations need to remain vigilant amid an increase in global hacking campaigns.
The reality, however, is that future supply-chain attacks cannot be stopped because there is no way to tell if and when an organisation has been or would be breached until it may be too late, just as in SolarWinds' case, said Peter Firstbrook, a research vice president at Gartner.
"Nobody's going to convince me that there's a checklist or something you could've done before the SolarWinds attack that would've prevented your organisation from buying the SolarWinds product and installing it in your network," Mr Firstbrook said at the research firm's Security and Risk Management Summit on Monday.
"There really isn't a good example of making one think, 'you know what, these guys may be infected in the future, therefore, I think, we shouldn't buy this very powerful and very useful utility and put it in our network'. The security person who said that would get laughed at in the room."
A supply-chain attack uses a supplier to attack downstream customers: a company could be compromised and its customers impacted as a result, or another organisation upstream could be infected and used to infiltrate your organisation.
SolarWinds was among a number of companies breached in the widescale cyber attack that came to light in December 2020 after going undetected for a year. The hacking continues to reverberate today, with the threat of similar supply-chain attacks expected to increase further.
In what is considered one of the worst cyber espionage cases in history, the attackers exploited software credentials from SolarWinds and other US companies, including Microsoft and VMware, and used them to infiltrate several American federal departments, while also affecting global organisations such as the UK government, the European Parliament and Nato.
Tim Brown, the chief information security officer of Texas-based SolarWinds, told The National last October that the company recovered well in the aftermath of the cyber attack and said its experience should serve as a warning to other companies.
Mr Firstbrook said due diligence should be done, but the ability to spot that potential breach implant is extremely low.
"You should be prepared to respond. Nation state attacks show where the market and adversaries are going: whatever nation states do this year, you can assume that the ransomware authors will be doing next year."
He discussed a number of key points that organisations need to keep in mind and put in place that can help mitigate — if not totally prevent — cyber breaches.
Always 'assume breach'
Having the mindset of "assume breach" — a concept that assumes an attack will happen or has happened — is the only valid approach to cyber security, Mr Firstbrook said.
In the SolarWinds debacle, hackers were in very sophisticated organisations such as FireEye, Mimecast and Microsoft for up to nine months and these companies had no idea.
"We always have to assume that there’s something going on and we haven’t found it yet, [just like the] concept of zero trust, wherein you trust nobody until they verify who they are," he said.
You can't just buy 'security'
Having the most popular and most expensive security tools is never enough to safeguard your infrastructure; policy, procedure and smart operators are critically important to implement an effective security programme. FireEye was the first to publicly announce the SolarWinds breach after one smart operator used multi-factor authentication to try and verify suspicious activity.
"Despite all of the tools they had, the one thing that caught the infection and started the clean-up operation was a smart operator who was following organisational procedures," Mr Firstbrook said.
Identity and access management system is clearly a rich target
Attackers today are increasingly using stolen credentials to game the credential system in order to move laterally with impunity — and they look authentic, escaping detection.
Mr Firstbrook said while most organisations do think of their identity infrastructure and spend huge amounts on it, they tend to overlook those who are able to access it.
"Most are focused on letting the good guys in, but very few focus on how to secure this 'Tower of Babel' infrastructure. Once data has piled up over the years, how do you know who's who?"
APIs, often ignored, are now bigger targets
There is a so-called perimeter within IT infrastructure that must be defended, and today identity is the new perimeter, treated the same way as firewalls were before.
However, the other perimeter organisations are missing is that identity isn’t just about people — it’s also about devices and things as machine identity becomes more important.
In the SolarWinds breach, attackers found they had gained access to a security provider’s environment, which had access to the Microsoft Office 365 environment. They got the keys for that vendor’s application programming interface and used them to attack its customers’ environments.
"Every application is a collection of APIs [Application Programming Interface], and yet in most organisations I ask who’s in charge of API security, there are blank stares around the table," Mr Firstbrook said, pointing out the lack of accountability in machine identity.
Configuration is as important as quality
A lot of organisations may have a broad portfolio of best-in-breed security tools, but if the people who installed those tools aren't there, the new ones manning the system may not know what has been done that could potentially compromise the infrastructure.
Mr Firstbrook recommends that configuring and tuning systems must be done at least annually to ensure system credibility.
However, "the best authority for configuration and guidance are the vendor themselves; work with them to make sure systems function as expected", he said.
Privileged servers must be profiled
Privileged servers — those which grant special access to certain users — are perfect targets for attacks, as they can potentially be exploited for uses other than legitimate purposes.
Mr Firstbrook said administrators should know what these privileged users are going to do with the information accessed and how they behave while accessing it.
"There are tools that can profile these servers, assign some parameters on how it behaves and find out why they do things they're not supposed to do. If there is any anomaly, an alert can be triggered."