
10 Things To Know About The SolarWinds Breach And Its U.S. Government Impact

From how nation-state hackers evaded detection to why federal agencies were ordered to immediately power down Orion to its impact on the SolarWinds MSP business, here are the most important things to know about the SolarWinds breach.


3. Hackers Forged Tokens To Impersonate Privileged Accounts

The hackers used administrative permissions acquired through on-premises compromise of SolarWinds Orion to access a victim’s trusted SAML token-signing certificate, said John Lambert, distinguished engineer in Microsoft’s Threat Intelligence Center. This enables them to forge SAML tokens that impersonate any of the organization’s existing users and accounts, including highly privileged accounts.

A compromised token-signing certificate can be used against any on-premises resources (regardless of identity system or vendor) as well as against any cloud environment (regardless of vendor) because those resources and environments have been configured to trust the certificate, Lambert wrote in a blog post published Sunday. Because the forged SAML tokens are signed with the victim's own trusted certificate, the anomalies might be missed by the victim.

Using highly privileged accounts acquired through this technique, Lambert said attackers may add their own credentials to existing application service principals, enabling them to call APIs with the permission assigned to that application.
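
Since a forged token carries a valid signature, one way a defender can still surface it is to compare the assertions a service provider accepted against the assertions the identity provider actually recorded issuing. The sketch below is an added example, not code from the article or from Microsoft; the record fields, the 60-minute validity window and the sample data are constructed assumptions rather than a real log schema.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names are assumptions, not a real log schema.
IDP_ISSUED = [
    {"assertion_id": "_a1", "user": "alice@example.com", "issued": "2020-12-14T09:00:00"},
    {"assertion_id": "_b2", "user": "bob@example.com", "issued": "2020-12-14T09:05:00"},
]
SP_LOGINS = [
    {"assertion_id": "_a1", "user": "alice@example.com", "seen": "2020-12-14T09:00:04"},
    {"assertion_id": "_b2", "user": "admin@example.com", "seen": "2020-12-14T09:05:10"},
    {"assertion_id": "_z9", "user": "admin@example.com", "seen": "2020-12-14T11:30:00"},
    {"assertion_id": "_a1", "user": "alice@example.com", "seen": "2020-12-14T18:00:00"},
]

MAX_AGE = timedelta(minutes=60)  # assumed assertion validity window


def find_unbacked_logins(idp_issued, sp_logins, max_age=MAX_AGE):
    """Return (login, reason) pairs for SP logins the IdP log cannot account for."""
    issued = {r["assertion_id"]: r for r in idp_issued}
    findings = []
    for login in sp_logins:
        record = issued.get(login["assertion_id"])
        if record is None:
            # Signature may verify, but the IdP never issued this assertion.
            findings.append((login, "no issuance record at IdP"))
            continue
        if record["user"] != login["user"]:
            findings.append((login, "subject differs from issued assertion"))
            continue
        age = datetime.fromisoformat(login["seen"]) - datetime.fromisoformat(record["issued"])
        if age < timedelta(0) or age > max_age:
            findings.append((login, "used outside validity window"))
    return findings


if __name__ == "__main__":
    for login, reason in find_unbacked_logins(IDP_ISSUED, SP_LOGINS):
        print(login["seen"], login["user"], login["assertion_id"], reason)
```

The check only works if the identity provider's issuance log is complete and stored where an administrator on the compromised host cannot alter it.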

 
 