“The way the adversary behind the SolarWinds hack used legitimate credentials to execute a widespread compromise of public and private-sector entities should spur the creation of new guidance on protecting identities, especially as organizations move to the cloud, a Cybersecurity and Infrastructure Security Agency official said.
‘With regards to identity, I think that the guidance should be updated to go with the cloud,’ CISA Technical Strategist Jay Gazlay told the National Institute of Standards and Technology’s Information Security and Privacy Advisory Board Wednesday.
Gazlay provided a forensic brief of the hacking campaign, which leveraged a trojanized update from network management company SolarWinds and techniques like password spraying to gain unauthorized access to at least nine federal agencies and more than 100 private companies. He described actions NIST and the broader government should take in the wake of the breaches, focusing on protection and detection.
‘Our takeaway from this at CISA’s space is that identity is everything now,’ he said, noting that the level of success the adversary achieved with tactics like password spraying was not normal. ‘We can talk about our network defenses, we can talk about the importance of firewalls and network segmentation, but really identity has become the boundary, and we need to start readdressing our infrastructures in that manner’…”
Source: CISA Official Calls for Update of Identity Management Guidance in Wake of SolarWinds Compromise – By Mariam Baksh, March 3, 2021. Nextgov.