In the past week, much of the technology industry, and the digital security firms in particular, has been talking about the Solorigate attack, which planted a backdoor that the attackers use for unauthorized access to infected systems. The attacks were carried out using malicious binaries, and Microsoft was one of the first tech firms to detect the anomalies.
Microsoft prepares Defender
Several days into the attack, Microsoft has released an in-depth analysis of the Solorigate attack and of how the software giant is preparing Microsoft Defender to better handle such attacks in the future. The company, however, maintains that the full extent of the episode is yet to unfold.
The Solorigate attack, apparently named because the attackers executed the payload through a SolarWinds Orion Platform DLL, seems to have affected many devices running that platform. Research from the Defender team at Microsoft has also found that several areas of the SolarWinds Orion Platform are affected and seriously compromised at this point.
Without a compromise of that depth, the attackers would not have been able to modify a DLL file to include malicious binaries, which in this case even allowed remote access to the infected device.
According to Microsoft, the SolarWinds.Orion.Core.BusinessLayer.dll file was responsible for the attack, because that is where the attackers placed the malicious code. Security analysis shows that they chose a location from which the malicious code would be invoked periodically.
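The point above is that a legitimate, expected module was altered in place. One defender-side check that catches that pattern is a file-integrity baseline: hash every binary in a known-good install, then compare what is on disk against it. The script below is an added example written for this article, not code from Microsoft or SolarWinds; the DLL names, file contents and hashes are constructed placeholders, and the real baseline would be taken from a verified clean install or the vendor's published values.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(directory):
    """Record the hash of every DLL in a known-good install directory."""
    directory = Path(directory)
    return {p.name: sha256_of(p) for p in sorted(directory.glob("*.dll"))}


def audit(directory, baseline):
    """Compare the DLLs on disk with the baseline.

    Returns a dict mapping file name to one of:
      'ok'         hash matches the baseline
      'modified'   file exists but its hash differs (a legitimate module
                   with injected code, as described for the business-layer DLL)
      'missing'    listed in the baseline but not on disk
      'unexpected' on disk but absent from the baseline
    """
    directory = Path(directory)
    present = {p.name: sha256_of(p) for p in directory.glob("*.dll")}
    report = {}
    for name, expected in baseline.items():
        if name not in present:
            report[name] = "missing"
        elif present[name] != expected:
            report[name] = "modified"
        else:
            report[name] = "ok"
    for name in present:
        if name not in baseline:
            report[name] = "unexpected"
    return report


def demo():
    """Constructed scenario: a clean install is baselined, then one module is
    altered, one is removed and one is dropped in; audit() must notice all three."""
    with tempfile.TemporaryDirectory() as tmp:
        install = Path(tmp)
        # Constructed placeholder contents; only the hashes matter here.
        (install / "SolarWinds.Orion.Core.BusinessLayer.dll").write_bytes(b"MZ" + b"\x00" * 64)
        (install / "Other.Module.dll").write_bytes(b"MZ" + b"\x01" * 64)
        (install / "Removed.Module.dll").write_bytes(b"MZ" + b"\x02" * 64)
        baseline = build_baseline(install)

        # Simulate the changes a responder would want flagged: bytes appended
        # to the business-layer DLL, one module deleted, one unlisted file added.
        with open(install / "SolarWinds.Orion.Core.BusinessLayer.dll", "ab") as fh:
            fh.write(b"placeholder-bytes")
        (install / "Removed.Module.dll").unlink()
        (install / "Dropped.dll").write_bytes(b"MZ" + b"\x03" * 64)

        return audit(install, baseline)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:10s} {name}")
```

A hash baseline only tells you that a file differs from what was recorded; it complements, rather than replaces, signature verification and the indicators published in the vendor analysis the article refers to.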
Following the creation of a backdoor in the system, the attackers carried out a hands-on-keyboard attack. The Microsoft Defender team has detailed these steps and equipped Microsoft Windows with the right tools to manage the scenario.
For instance, Microsoft Defender will now run a four-point checklist that isolates the threat, identifies the infected devices, and uses analytics data to understand how far the infection has spread.
The company says that devices running Microsoft Defender solutions, whether the endpoint product or not, will be protected from the Solorigate attack, thanks to the timely action mentioned earlier. As a bonus, the Defender team also came across another piece of malware while investigating the depth of the Solorigate attack.
If you are looking for ways to deal with the post-attack issues, read this Microsoft blog post.