The SolarWinds Breach & Code Signing

"It’s hard to overstate how bad this is." - Bruce Schneier Sometime before March 2020, hackers working for the Russian SVR hacked into SolarWinds and slipped a backdoor into an Orion software update. Users who downloaded and installed that corrupted update were subject to a supply-chain attack that allowed a malicious hacking group access to unknown quantities of sensitive data. Orion software is used by very sensitive companies (more than 400 of the Fortune500 largest companies and a lot of government agencies) to monitor all of their IT. So how did this happen? Why didn't code signing prevent a third party from injecting bad code? To protect yourself against this type of attack you might want to think about keeping a tight inventory on the cryptographic assets that make code signing work. A cryptographic key inventory starting with the private key that actually signs your updates, and includes information about how you measure access to keys, how you store keys, and who has access to keys. - More about key inventory in our white paper: https://cryptosense.com/whitepapers/cryptography-inventory-whitepaper/ - HSMs and how they get breached: https://www.youtube.com/playlist?list=PLA-8aGQm6tkIgd8-zi4PtCO79qmmtKyCm - Cryptography breaches: https://www.youtube.com/playlist?list=PLA-8aGQm6tkLoaLzuoxv_IIxTH3uMLgSD ///// Find out more about Cryptosense: https://cryptosense.com/ Follow us on Twitter: https://twitter.com/cryptosense ///// Cryptosense CEO Dr. Graham Steel was formerly an academic researcher before founding Cryptosense in 2013. His cryptography expertise is the basis for the company's 'Analyzer' technology which allows customers to protect themselves against losing sensitive data.