ExtraHop reveals surge in suspicious network activity

February 12, 2021


ExtraHop – a global company in cloud-native network detection and response – has recently published a white paper revealing a major surge in suspicious network activity that went unnoticed during the period of the SolarWinds ‘SUNBURST’ hack in 2020.

In the report, ExtraHop provides details of how the company’s threat researchers found that between March 2020 and October 2020 detections of malicious activity increased by 150%. It also details the methods cyber-criminals used to evade detection prior to the attack.

ExtraHop published the following on their website: ‘During its own investigation, and through its work with customers to help detect and remediate the SUNBURST exploit, ExtraHop threat researchers found that between late March 2020 and early October 2020, detections of probable malicious activity increased by approximately 150 percent.

‘These detections, which included lateral movement, privilege escalation, and command and control beaconing, evaded the more traditional detection methods like endpoint detection and response (EDR) and antivirus. Activity patterns outlined in the report indicate that the SUNBURST attackers were successful in flying under the radar of these detection methods either by disabling them, or by redirecting their approach before they could be detected.’

Jeff Costlow, Deputy CISO at ExtraHop, remarked: “Unfortunately, what we found when investigating SUNBURST is that the activity was actually detected on the network but because other detection methods weren’t alerting on the activity, it largely went ignored.

“In this case, the attack was strategically designed to evade those detections, and we can expect more similar attacks to follow. It’s an important reminder that the network doesn’t lie.”
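The report's point, and Costlow's "the network doesn't lie", is that command and control beaconing leaves a visible trace in network records even when endpoint tooling stays quiet. The following is an added illustration of one such network-side check, written for this article and not ExtraHop's detection logic or code. It reads constructed flow records (the IP addresses, timestamps and ports are invented for the example) and flags source/destination pairs whose connection timing is unusually regular, which is a common indicator of a beacon calling home on a fixed schedule.

```python
"""Flag periodic outbound connections (command and control beaconing candidates)
in network flow records. Added illustrative example, not ExtraHop's detection logic."""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Constructed sample flow records: "<UTC timestamp> <src ip> <dst ip> <dst port>".
# 10.0.0.5 -> 203.0.113.7 is a hypothetical beacon calling home roughly every 300 s.
# 10.0.0.9 -> 198.51.100.20 is hypothetical user browsing with irregular gaps.
# 10.0.0.5 -> 192.0.2.1 has too few connections to judge either way.
SAMPLE_FLOWS = """\
2020-06-01T10:00:00Z 10.0.0.5 203.0.113.7 443
2020-06-01T10:00:00Z 10.0.0.9 198.51.100.20 443
2020-06-01T10:00:07Z 10.0.0.9 198.51.100.20 443
2020-06-01T10:01:00Z 10.0.0.5 192.0.2.1 80
2020-06-01T10:03:40Z 10.0.0.9 198.51.100.20 443
2020-06-01T10:04:05Z 10.0.0.9 198.51.100.20 443
2020-06-01T10:05:02Z 10.0.0.5 203.0.113.7 443
2020-06-01T10:10:00Z 10.0.0.5 203.0.113.7 443
2020-06-01T10:15:01Z 10.0.0.5 203.0.113.7 443
2020-06-01T10:20:00Z 10.0.0.5 203.0.113.7 443
2020-06-01T10:22:00Z 10.0.0.5 192.0.2.1 80
2020-06-01T10:25:01Z 10.0.0.5 203.0.113.7 443
2020-06-01T10:31:00Z 10.0.0.9 198.51.100.20 443
2020-06-01T10:31:30Z 10.0.0.9 198.51.100.20 443
"""


def parse_flows(text):
    """Parse flow lines into (timestamp, src, dst, port) tuples, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        flows.append((when, src, dst, int(port)))
    return flows


def detect_beacons(text, min_connections=5, max_cv=0.1):
    """Return {(src, dst, port): stats} for connection series that are both
    numerous and regularly spaced (low coefficient of variation of the gaps)."""
    by_pair = defaultdict(list)
    for when, src, dst, port in parse_flows(text):
        by_pair[(src, dst, port)].append(when)

    findings = {}
    for pair, times in by_pair.items():
        if len(times) < min_connections:
            continue  # too few samples to call the series periodic
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg  # 0.0 would mean perfectly even spacing
        if cv <= max_cv:
            findings[pair] = {"connections": len(times), "mean_interval_s": avg, "cv": cv}
    return findings


if __name__ == "__main__":
    for pair, stats in detect_beacons(SAMPLE_FLOWS).items():
        print(f"beacon candidate {pair}: {stats}")
```

On the constructed input only the 10.0.0.5 to 203.0.113.7 series is reported: six connections about 300 seconds apart with a coefficient of variation near zero. The browsing series has gaps ranging from seconds to many minutes and is ignored, and the two-connection series is skipped as too short. The `min_connections` and `max_cv` thresholds are the tuning knobs a defender adjusts against their own traffic baseline.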

To read the full article and to download ExtraHop’s detailed white paper, visit: https://www.extrahop.com/company/press-releases/
