Download PDF version Contact company
Related Links

ExtraHop, the pioneer in cloud-native network detection and response, releases a security report offering an in-depth look at the methods cybercriminals used to evade detection during the months before the SolarWinds SUNBURST exploit was discovered.

The report also reveals significant increases in suspicious network activity that went largely ignored due to the privileged and trusted status of SolarWinds within the IT environment. As part of the report, ExtraHop also released an expanded list of over 1,700 SUNBURST indicators of compromise (IOCs) as observed across affected environments protected by Reveal(x), critical information that can help organisations determine if and to what extent they’ve been compromised.

Traditional detection methods

During its own investigation, and through its work with customers to help detect and remediate the SUNBURST exploit, ExtraHop threat researchers found that between late March 2020 and early October 2020, detections of probable malicious activity increased by approximately 150 percent.

ExtraHop detections of probable malicious activity increased between late March 2020 and early October 2020

These detections which included lateral movement, privilege escalation, and command and control beaconing, evaded the more traditional detection methods like endpoint detection and response (EDR) and antivirus. Activity patterns outlined in the report indicate that the SUNBURST attackers were successful in flying under the radar of these detection methods either by disabling them, or by redirecting their approach before they could be detected.

Other detection methods

Unfortunately, what we found when investigating SUNBURST is that the activity was actually detected on the network,” said Jeff Costlow, Deputy CISO, ExtraHop. “But because other detection methods weren’t alerting on the activity, it largely went ignored. In this case, the attack was strategically designed to evade those detections, and we can expect more similar attacks to follow. It’s an important reminder that the network doesn’t lie.”

In addition to shedding new light on how the SUNBURST attackers were able to dwell within the network unchecked for so long, the report delves into several case studies on how ExtraHop customers investigated and remediated the exploit within their own environments. The case studies include details on how customers were able to use historical metrics to determine the duration of the compromise, as well as which systems and data may have been impacted.

Download PDF version Download PDF version

Related videos

DNAKE S-series video door phone

DNAKE S-series video door phone
Install in minutes, no tech required: DNAKE intercom kit IPK04 & IPK05

Install in minutes, no tech required: DNAKE intercom kit IPK04 & IPK05
Case study: Gunes Park Evleri̇, Turkey

Case study: Gunes Park Evleri̇, Turkey

In case you missed it

How can the industry do a better job of promoting emerging technologies in physical security environments?
How can the industry do a better job of promoting emerging technologies in physical security environments?

By all accounts, technology development is moving at a rapid pace in today's markets, including the physical security industry. However, market uptake of the newest technologies ma...

Dahua & KITT Engineering's LED screen innovations
Dahua & KITT Engineering's LED screen innovations

About a year and a half ago, Peter de Jong introduced Dahua to Fred Koks, General Manager of KITT Engineering. Since then, Dahua, KITT Engineering, and Ocean Outdoor have complete...

Protect assets with BCD's hybrid cloud NVR solutions
Protect assets with BCD's hybrid cloud NVR solutions

Like any retail franchise, car dealerships that have multiple locations nationwide require comprehensive, reliable, and scalable video surveillance solutions to protect their busin...

Featured white papers
Palm vein recognition

Palm vein recognition

Download
The key to unlocking K12 school safety grants

The key to unlocking K12 school safety grants

Download
Selecting the right network video recorder (NVR) for any vertical market

Selecting the right network video recorder (NVR) for any vertical market

Download
Physical access control

Physical access control

Download
Cybersecurity for enterprise: The essential guide to protecting your business

Cybersecurity for enterprise: The essential guide to protecting your business

Download
Quick poll
What is the most significant challenge facing smart building security today?
More corporate news
Schlage reveals their refreshed brand promise and renewed identity in delivering home security solutions

Schlage reveals their refreshed brand promise and renewed identity in delivering home security solutions
Zenitel announces LenelS2 factory certification as a part of the OpenAccess Alliance Program

Zenitel announces LenelS2 factory certification as a part of the OpenAccess Alliance Program
MicroWorld announces the elevation of Shweta Thakare to the position of Vice President of Global Sales & Marketing

MicroWorld announces the elevation of Shweta Thakare to the position of Vice President of Global Sales & Marketing
Featured products
Verkada Command Connector for Camera Integration & Cloud Management

Verkada Command Connector for Camera Integration & Cloud Management
Hikvision One-Stop SMB Solutions

Hikvision One-Stop SMB Solutions
Dahua X-spans Wizmind Network PTZ Camera

Dahua X-spans Wizmind Network PTZ Camera