wiki:start

Differences

This shows you the differences between two versions of the page.

wiki:start [2021/01/10 12:03]
dk created
wiki:start [2021/01/10 12:21] (current)
dk
Line 24: Line 24:
   *        System Services: Service Execution [T1569.002]   *        System Services: Service Execution [T1569.002]
   *        Compromise Infrastructure [T1584]   *        Compromise Infrastructure [T1584]
 +
 +====== Mitigation steps ======
 +
 +  * Implementing multi factor authentication.
 +  * Monitoring all services for any changes in tokens or keys and for malicious activities.
 +  * Re-evaluating API key integrations,​ SAML integrations and website configuration files.
 +  * Review all system and security policies.
 +  * Resetting user credentials.
 +  * Consider security auditing.
 +
 +====== Links to get started ======
 +
 +[[https://​github.com/​fireeye/​sunburst_countermeasures|FireEye counter measures]]
 +
 +[[https://​github.com/​bambenek/​research/​blob/​main/​sunburst/​uniq-hostnames.txt|Sunburst unique Hostnames]]
 +
 +[[https://​blog.securityonion.net/​2020/​12/​solarwinds-supply-chain-attack.html|Security onion blog]]
 +
 +[[https://​www.solarwinds.com/​securityadvisory|Solarwinds Security Advisory]]
 +
 +[[https://​socprime.com/​blog/​sunburst-backdoor-detection-solarwinds-supply-chain-attack-on-fireeye-and-us-agencies/​|SOC prime]]
 +
 +[[https://​www.compassitc.com/​blog/​solarwinds-sunburst-hack-and-you-thought-2020-couldnt-get-any-worse|Compass ITC]]
 +
 +
 +
 +
 +
  
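Review bot: In the new "Mitigation steps" list, "Resetting user credentials" covers only user accounts, while the bullets above it call out tokens, keys, API key integrations and SAML integrations. If those secrets are meant to be rotated as well, say so in the reset item, otherwise the list reads as monitor-and-review only for them. "Consider security auditing" and "Review all system and security policies" give no scope, so naming what is audited or reviewed would make them actionable. The bullets also mix forms ("Implementing", "Resetting" next to "Review", "Consider"). Pick one form and write "multi-factor authentication". Under "Links to get started", the labels could match their targets ("FireEye countermeasures", "SolarWinds Security Advisory", "Security Onion blog"), and the four trailing empty added lines after the Compass ITC link can be dropped.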
wiki/start.1610260428.txt.gz · Last modified: 2021/01/10 12:03 by dk