CrowdStrike's response to recent supply chain attacks


You have probably heard the latest news that attackers have used SolarWinds software to access corporate networks of many large institutions around the world.

An important signal is that after this breach, SolarWinds became a customer of CrowdStrike. This is a special message to our partners to keep you updated.

WHAT HAPPENED?

The recent high-profile disclosure of a software supply chain attack by advanced attackers made it clear that identity-centric attacks are now an integral part of breaches. Attacks that exploit this type of vulnerability rely on "lateral movement" for further actions once the network has been penetrated. In doing so, the attackers use valid credentials to access the victim's corporate network, as this approach leaves fewer traces of their presence. In fact, after attackers gain access to the victim's network, the attack uses multiple credentials, making it even more difficult to detect.

HOW DOES CROWDSTRIKE PROTECT CUSTOMERS?

The most important thing to know is that CrowdStrike clients are protected from recent attacks! The CrowdStrike Intelligence Team obtained various trojanized binaries and reverse engineered them for additional details, including Indicators of Compromise (IOC) and Indicators of Attack (IOA), in addition to those publicly disclosed. All malicious hostnames, IP addresses, URLs, binary hashes, registry keys and other IOCs have been added to CrowdStrike ThreatGraph. CrowdStrike analysts have added two dozen new IOAs to detect tradecraft that signals real host compromise, as opposed to detecting the simple presence of trojanized modules. In addition, the company has deployed various tools and capabilities on the Falcon platform to help identify potentially affected hosts, in particular:

  • A new SUNBURST vulnerability dashboard that identifies hosts with IOCs associated with this vulnerability, including the ability to check whether endpoint devices have had compromised files in the last 90 days.
  • The scorecard allows customers to determine if there has been evidence of file or host damage over the past year.
  • Finally, customers can see Sunburst IOC detections on hosts with Cloud ML detection enabled.

CrowdStrike launched the Sunburst public information site so that organizations can learn how to avoid the harmful effects of this breach. This website provides information on how organizations can determine whether they have been compromised, what can be done to remediate breaches, and how to protect infrastructure.

Please refer your clients to the CrowdStrike Resource Center, https://www.crowdstrike.com/sunburst/, to learn more about how they can protect their corporate networks from the Sunburst threat.
