The SolarWinds incident is breathtaking in its scope, but it was also such a huge and delicate house of cards. It will take a long time to clear every organization, but really, one flagged bad device login brought so much infrastructure crashing down.
This really lends credence to the “adversaries only have to succeed once and defenders have to succeed all the time” mantra being bunk. One defender was successful once at a point in basic defense, and a bite got taken out of a very costly intrusion into multiple organizations.
I don’t know how much the adversary spent on this operation, but I would speculate that they have already recouped that value in intelligence. Plus now there is the cost to businesses who have to respond/remediate. Vastly successful op from the adversary perspective.
That goes both ways, you know. They burned a ton of TTPs.
No doubt. I’m still speculating it’s a net win for the attackers.

Jan 19, 2021 · 6:51 PM UTC

🤷🏻‍♀️🍸 I choose to take a glass half full on this one, because nobody else is. Honestly, the IR work on this is monotonous, but not really hard.
My bottom line is positively impacted, but I wish we lived in a world where all of this technical ability (on both sides) could be more focused on improving outcomes for the whole planet rather than one particular tribe.