Introducing Our SolarGate MITRE Threat Profile

by Kath Kennelly

SolarWinds may be the largest supply chain breach, but it’s not the first major supply chain attack leading to devastating financial and reputational costs. The software development and build process used by SolarWinds is common throughout the software industry. According to Sonatype’s 2020 State of the Software Supply Chain report, 90% of all applications contain open-source code - and only 11% have known vulnerabilities. 

Per the Palo Alto Networks Advisory, there are three initial phases identified from the SolarStorm intrusion:  

1. A SolarWinds Orion server updates its software and downloads the malicious update containing the SUNBURST backdoor.  
2. SUNBURST then sends DNS requests to check in with the attacker, which contain information identifying the organization. The attacker chooses to designate some organizations as being of interest for further intrusion.  
3. For SUNBURST to gain further access into the network, additional steps are needed, starting with downloading and executing an additional malicious payload. 

CyberGRX Threat Profile 

Security is a multi-step process requiring controls for timeliness, strength, and coverage across the enterprise and its third parties.

In response to this breach, we launched the SolarGate MITRE^® Threat Profile via our Framework Mapper feature. This capability provides customers an in-platform tool that visualizes associated attack methods and prioritizes critical controls for remediation and is mapped to the techniques and tactics identified by MITRE ATT&CK framework. The focus is to identify preventative controls addressed in the MITRE techniques. By applying tactics, techniques, and procedures (TTPs) used by threat actors of the SolarWinds breach, CyberGRX’s Threat Profile can help identify major security gaps amongst third parties. Customers can now quickly identify potentially impacted third parties as new, sophisticated threats emerge as well as assess their security posture based on CyberGRX’s system-scoped assessment controls. (Register for the feature demo here)

Initial access was targeted in various different ways by the attackers and remains a key tactic to initiate a breach. Below are some key control areas that must be assessed and validated across the portfolio.   

 


Conclusion 

While security will always be compromised by human error, there are preventative measures that can be implemented to limit risk. CyberGRX’s SolarGate MITRE^® Threat Profile categorizes gaps based on business structure and industry which enables customers and vendors across multiple industries to get visibility and prevent and halt threats.  

Given the state of the ongoing SolarWinds breach, now, more than ever, evolving tools to rapidly evolving combat supply chain compromise techniques is needed. With CyberGRX’s MITRE^® Threat Profile, customers now have a tool that breaks down threats and provides sophisticated mitigation controls.  

Register for the demo here!