CrowdStrike deployed after attack on US agencies

By now, you may have heard of the massive SolarWinds malware hack that was used to steal information from the US Treasury, NIH, US Dept of Homeland Security and other government agencies. The malware appears to have been introduced into SolarWinds’ Orion software by Russian hackers. “This is looking like it’s the worst hacking case in the history of America,” one US official said. “They got into everything.”

https://apnews.com/article/technology-malware-hacking-russia…

Apparently, 18,000 SolarWinds customers could have been hit by the malware, which gives an attacker visibility into the victim’s computer network. Initially, FireEye’s systems were compromised to gain information about US federal agencies. Microsoft worked with FireEye to take over the malicious domain and activated a “kill switch”.

To prevent this type of attack in future, SolarWinds has rolled out CrowdStrike’s Falcon Endpoint Protection across the endpoints on its systems. This is great publicity for CrowdStrike, and should lead to more Falcon deployments by companies that don’t have it yet.

https://www.crn.com/news/security/solarwinds-deploys-crowdst…

-Ron
Long CRWD

136 Likes

Speaking from recent experience recovering from an attack, and talking with other companies we know or work with, there has been a variety of attacks on private companies by Russians. There is an exceptional number of attacks happening right now, and they vary in scope, in how they are performed and in the damage they do. We have observed Russians hiring people on social media and message boards. It ranges from IT people to help them break in, to offering Bitcoin payments for credentials to access a network. Yes, they are giving money and sharing the profits with the very people who are employed by the companies they attack. In the end, besides unplugging from the internet, there is no way to completely stop the attacks; your firewalls, multi-factor authentication, virus/malware software, intrusion detection, endpoint security (I could go on and on) will not prevent it if they really want to get in. Some of the attacks were planned months in advance, with the hackers scoping out your network and planting the seeds over time. Even with sophisticated protection you’d be surprised what simple paths exist to undermine it all, and on the flip side, the extent they will go to to break in when security is super tight.

On an interesting and somewhat amusing note, they are starting to attack Linux-based NAS and SAN storage devices, not just Windows computers, which are popular and bear the brunt of the attacks. Interestingly enough, if the device is located in Belarus, Ukraine or Russia the attack will stop, protecting their own people/companies.

So far we have confirmed personally with others that Panda, Cylance, Avast, ESET and Webroot have been defeated, disabled and did absolutely nothing to prevent attacks. Many companies hide that they have been hacked and will not confirm or share details, which is unfortunate. Knowing how the attack took place and what steps were taken to spread it is really important in helping everyone else avoid the same fate.

I don’t think any of these security companies are immune, and eventually they will have a failure. If they do, I suspect you will see a temporary drop in price, and I would not panic; everyone still needs to do the best they can to protect themselves, and cyber security spending will increase dramatically short term and ongoing if the attacks persist.

50 Likes

Even Microsoft was breached: expect to see many more come forward in the near future.
https://www.msn.com/en-au/news/other/exclusive-microsoft-bre…

The other night I was listening to Senator Richard Blumenthal talk about how the government will need to invest very heavily in cyber security to prevent similar incidents in the future. The words “act of war” are coming out of a lot of Senators’ mouths after this. I think CRWD benefits; still wondering who else will?

6 Likes

I think CRWD benefits, still wondering who else will?

Start looking at storage companies that use proprietary storage to combat these attacks, especially ransomware, which is running rampant right now. These companies will prevail vs. security, I think, because in the end keeping the data away from the hackers has become more important than ever, since breaching security has been done many times with small, medium and giant security companies.

For example:
Pure Storage, Inc. (PSTG)

Just my opinion, and PSTG is one example; look around. 🙂

6 Likes

When I researched Datadog, SolarWinds Orion didn’t come up in lists of competitors. Looking at the company now, it seems that Orion would compete with Datadog in ISM and APM.

SolarWinds (SWI) does about $1 billion in revenue, is growing in the low double-digit percentages, and is GAAP profitable. Do any of the tech experts on the board have an opinion on SolarWinds Orion vs. Datadog?

https://www.solarwinds.com/solutions/orion

https://www.gartner.com/reviews/market/it-infrastructure-mon…

Mike

2 Likes

"I think CRWD benefits, still wondering who else will?"

My list:

#1 : CRWD > Best player out there (and probably undisputed) for overall security.

#2 : DDOG> Unifies the developers, operations, and security teams into one platform ( and they are just getting started!)

#3 : FSLY > (now with Signal Sciences)

#4 : SNOW > Comprehensive Data Security for your most sensitive data with features like dynamic data masking and end-to-end encryption for data in transit and at rest.

Cheers!

ronjonb

P.S. With today’s rise, CRWD is nearing a 30%+ position for me. Followed by DDOG, SNOW (which I got in pretty early after the IPO at around $240 and have been buying more recently). It’s a 10% position now. And my FSLY position is slightly greater than NET for reasons you know well.

21 Likes

Great news for CrowdStrike. However, re-highlighting the biggest security exposure above: We have observed Russians hiring people on social media and message boards. It ranges from IT people to help them break in, to offering Bitcoin payments for credentials to access a network. Yes, they are giving money and sharing the profits with the very people who are employed by the companies they attack. In the end, besides unplugging from the internet, there is no way to completely stop the attacks; your firewalls, multi-factor authentication, virus/malware software, intrusion detection, endpoint security (I could go on and on) will not prevent it if they really want to get in.

No amount of encryption at rest, encryption in transit, endpoint protection, URL validation, password vault, etc. solutions can defend a company from employees with authorized access to sensitive and financially valuable data who get an offer they can’t refuse to sell it. If APT29 is willing to pay millions of dollars for the right data, unless a company has extraordinarily strong internal controls, they are going to get some employee to take or provide back-door access to the data, get paid and walk away. People have pushable buttons, weaknesses, wants, secrets and vulnerabilities.

16 Likes