INFO5301 Analysing Security Incidents
1.2 How did the incident happen?
Answer: Hackers secretly broke into Texas-based SolarWinds' systems and added malicious code into the company's software system. The system, called "Orion," is widely used by companies to manage IT resources. SolarWinds has 33,000 customers that use Orion. SolarWinds sent out regular software updates to its customers that included the hacked code.
The code created a backdoor into customers' information technology systems, which the hackers then used to install even more malware that helped them spy on companies and organisations. Up to 18,000 customers installed the updates and became vulnerable to the attacks.
This incident was detected after months by the cybersecurity firm FireEye, when it noticed that its own systems had been hacked.
1.3 What could have been done to prevent the incident?
Answer:
- Check common vulnerabilities and improve security measures to avoid them being exploited
- Use latest updates and patches
- Improve perimeter security measures
- Select outsourcing companies through a proper evaluation and risk assessment. Outsourced companies should be able to provide security measures up to the client's standards.
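The incident above turned a routine vendor update into the attack vector, so the first control a practitioner would want to see is an integrity check of an update artifact before it is installed, and the limits of that check. The Python below is an added example, not code from the exercise sheet or from SolarWinds; the product name "ExampleMonitor", the version string, the manifest and the artifact bytes are all constructed for the demonstration. It compares an artifact's SHA-256 against a vendor-published manifest, and then shows why that alone is not enough: in the SolarWinds case the trojanised build came out of the vendor's own build pipeline and carried a valid vendor signature, so a digest published by the vendor would have matched the tampered build as well. Catching that class of compromise needs an independent reference (for example a reproducible build of the same release), which the second check models.

```python
"""Added example: verifying a software update before installation.

Not code from the exercise sheet or from any vendor. All values are constructed.
"""
import hashlib
import hmac
from typing import Dict, Tuple

# Constructed stand-in for a clean release build and a tampered copy of it.
CLEAN_BUILD = b"ExampleMonitor release build 2020.2.1\n" + b"\x00" * 64
TAMPERED_BUILD = CLEAN_BUILD + b"# injected backdoor stub (constructed)\n"

# Constructed vendor manifest: what a vendor would publish out of band
# (release notes, download page). Filled in from the clean build below.
VENDOR_MANIFEST: Dict[str, str] = {
    "product": "ExampleMonitor",   # hypothetical product name
    "version": "2020.2.1",         # constructed version string
    "sha256": "",
}


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of the artifact as a hex string."""
    return hashlib.sha256(data).hexdigest()


VENDOR_MANIFEST["sha256"] = sha256_hex(CLEAN_BUILD)


def verify_update(artifact: bytes, manifest: Dict[str, str],
                  expected_version: str) -> Tuple[bool, str]:
    """Check an update against the vendor-published manifest.

    Returns (ok, reason). ok is True only when both the version and the
    digest match. This detects tampering between vendor and customer
    (mirror, transit, local cache) but NOT a build that was trojanised
    inside the vendor's pipeline, because the vendor then publishes the
    digest of the tampered build.
    """
    if manifest.get("version") != expected_version:
        return False, "manifest version mismatch"
    published = manifest.get("sha256", "")
    actual = sha256_hex(artifact)
    # Constant-time comparison so the check itself leaks no timing information.
    if not hmac.compare_digest(actual, published):
        return False, "digest mismatch: artifact differs from vendor-published build"
    return True, "digest matches vendor manifest"


def matches_independent_build(artifact: bytes, independent_build: bytes) -> bool:
    """Compare the artifact against a build produced outside the vendor's
    pipeline (e.g. a reproducible build from the released source).

    This is the check that still fails when the vendor's own manifest has
    been poisoned along with the artifact.
    """
    return hmac.compare_digest(sha256_hex(artifact), sha256_hex(independent_build))


def decide_install(artifact: bytes, manifest: Dict[str, str],
                   expected_version: str) -> str:
    """Deployment decision based on the vendor-manifest check alone."""
    ok, reason = verify_update(artifact, manifest, expected_version)
    return ("INSTALL" if ok else "QUARANTINE") + ": " + reason


if __name__ == "__main__":
    print(decide_install(CLEAN_BUILD, VENDOR_MANIFEST, "2020.2.1"))
    print(decide_install(TAMPERED_BUILD, VENDOR_MANIFEST, "2020.2.1"))

    # Simulate a compromised vendor pipeline: the vendor publishes the digest
    # of the tampered build, so the manifest check passes...
    poisoned = dict(VENDOR_MANIFEST, sha256=sha256_hex(TAMPERED_BUILD))
    print("poisoned manifest:", decide_install(TAMPERED_BUILD, poisoned, "2020.2.1"))
    # ...while comparison against an independent build still catches it.
    print("independent build matches:",
          matches_independent_build(TAMPERED_BUILD, CLEAN_BUILD))
```

Running the block shows the tampered artifact quarantined by the manifest check, then accepted once the manifest itself is poisoned, and finally rejected again by the independent-build comparison. The second check is the one that addresses the "use latest updates and patches" recommendation honestly: patching only helps if the patch can be trusted, and trust in a vendor-signed update has to come from a reference the vendor does not control.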
Duration: 20 min
Exercise 2:
Dyn Inc. is an Internet performance management and web application security company that offers domain registration services and email products. Dyn's servers became the target of a DDoS attack in December 2016.
According to The Guardian news article, "David Fidler, adjunct senior fellow for cybersecurity at the Council on Foreign Relations, said he couldn't recall a DDoS attack even half as big as the one that hit Dyn."
Reference:
The Guardian, news article: "DDoS attack that disrupted internet was largest of its kind in history, experts say"
Research this security incident and answer the following questions:
2.1 What are the consequences of the incident?
Answer:
- The Dyn DDoS attack set a record at 1.2 Tbps
Information Security Management Page 2 of 5