BicDroid | News | Solution for Sunburst Penetration

BicDroid provides a protection solution for SUNBURST penetration

December 21, 2020

In late November 2020, FireEye detected and began analyzing a penetration of their network. The IT network tool Orion by SolarWinds was identified as the Trojan horse used to penetrate FireEye's sophisticated network security. Over the next two weeks, the world would learn that over 18,000 Orion customers had been penetrated. Among those penetrated were high-value targets in corporate and U.S. government spheres. It is becoming clear that this may be the largest successful penetration of computer systems holding secret and very sensitive data. It also appears to have run undetected for over 8 months, a large window of opportunity to copy or exfiltrate data. Widely attributed to the Russian group Cozy Bear (aka APT29), it was assigned the code name SUNBURST by FireEye.

An excellent and very detailed analysis of SUNBURST by FireEye has been made publicly available. All computer and network security personnel can learn much from reading it.

As a data security company, BicDroid has studied the FireEye analysis along with information from other sources. In short, BicDroid has found that all users of BicDroid's QDocSE data security product would have had full data protection from a SUNBURST attack. Even with APT villains penetrating a computer, the sensitive data protected by QDocSE would have been unreachable to them. Furthermore, QDocSE's monitoring system, CSP, would have alerted customers immediately.

"BicDroid assumes that regardless of how strong your firewall and AV software is, at some point in time your computers will be breached. It's not an if but a when," says Professor Yang, BicDroid CEO. "This attitude is why QDocSE is able to protect against this SUNBURST attack. We have designed our security model to meet and defeat these types of attacks."

While SUNBURST has been targeting Windows systems, the same or virtually identical attacks can be made against Linux systems. Orion by SolarWinds is available for both Windows and Linux systems. Cozy Bear added their malware to Orion after penetrating SolarWinds' source code and build systems. It is likely that the team at Cozy Bear has more of their coding skill set in Windows than in Linux. "They could have easily created a Linux version too," says Mr. Rodney Ruddock, BicDroid Head of Linux/Unix Security. "It is the same for ransomware these days too. That's why we have QDocSE for both Windows and Linux systems."

BicDroid's QDocSE is a security product for protecting data of any type: source code, databases, images, web pages, etc. Protection is applied at several different points on the computer. Data is encrypted to ensure that only the QDocSE method of access yields plain data. The QDocSE security module then limits which programs are allowed access to the protected data, and these select programs, along with their DLLs or SOs, are monitored and validated on each data access so that no malware ever reads the protected data. Protection applies to all users, including the administrator. A record of each access attempt (success or failure), along with a heartbeat, is sent to the CSP (Central Sentry Platform), which keeps administrators up to date; network monitoring tools cannot do this. While active, QDocSE cannot be reconfigured, which means any villain penetrating a computer cannot add their malware to the list of select programs. Configuration can only be adjusted when a special, time-limited file is requested from BicDroid by the customer's specially designated agent.
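To make the access model described above concrete, here is an added Python sketch written for this page; it is not BicDroid's or QDocSE's code. It models a guard that allows only allowlisted programs, hash-validates every loaded module on each access, records every attempt for a central monitor, and refuses reconfiguration while active. The program name, module names and "binary" bytes are constructed stand-ins, and the trojanized library shows why a tampered DLL inside an otherwise allowed program is still denied.

```python
import hashlib
from dataclasses import dataclass, field

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for a program image and the library it loads.
GOOD_EXE = b"report-tool v1"
GOOD_LIB = b"libparse v1"
TROJANED_LIB = b"libparse v1 + implanted backdoor"  # same name, altered bytes

@dataclass
class Guard:
    """Allowlist of program -> {module name: expected sha256}; audit trail for a central monitor."""
    allowlist: dict
    active: bool = True
    audit: list = field(default_factory=list)

    def _record(self, program: str, outcome: str, reason: str) -> None:
        self.audit.append({"program": program, "outcome": outcome, "reason": reason})

    def validate(self, program: str, loaded: dict) -> tuple[bool, str]:
        """loaded maps module name -> bytes currently in the process; every module must match."""
        expected = self.allowlist.get(program)
        if expected is None:
            return False, "program not allowlisted"
        if set(loaded) != set(expected):
            return False, "loaded module set differs from allowlisted set"
        for name, content in loaded.items():
            if digest(content) != expected[name]:
                return False, f"module {name} failed hash validation"
        return True, "ok"

    def read(self, program: str, loaded: dict) -> bool:
        """One protected-data access: validate, record the outcome, then allow or deny."""
        ok, reason = self.validate(program, loaded)
        self._record(program, "allowed" if ok else "denied", reason)
        return ok

    def reconfigure(self, new_allowlist: dict) -> bool:
        """Configuration changes are refused (and logged) while the guard is active."""
        if self.active:
            self._record("<config>", "denied", "reconfiguration blocked while guard is active")
            return False
        self.allowlist = new_allowlist
        return True

def build_guard() -> Guard:
    return Guard({"report-tool": {"report-tool.exe": digest(GOOD_EXE),
                                  "libparse.dll": digest(GOOD_LIB)}})
```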

More details are available here, where a trial of QDocSE can be arranged.

Additional comments and/or quotes about QDocSE, SUNBURST, ransomware or other computer security topics can be made available upon request by getting into contact with us here.
