Early lessons learned mitigating SolarWinds hack-style Insider Risk
Summary
The SolarWinds hack has spurred new cybersecurity science and awareness, particularly regarding survivorship bias. DHS/CISA has provided guidance on mitigating insider data breach risks posed by APT29, while MITRE is updating its ATT&CK framework to address new stealth operations and privileged identity exploits. The article will review CISA guidance and new ATT&CK techniques for various security roles.
IFF Assessment
The article discusses advanced persistent threats (APTs) and sophisticated attack techniques that pose a significant risk to organizations, indicating bad news for defenders.
Defender Context
Defenders should focus on implementing robust insider risk mitigation strategies, as highlighted by the SolarWinds incident and APT29 activity. Staying updated on evolving ATT&CK techniques and CISA guidance is crucial for effective threat hunting and incident response.