
FindBiometrics


SolarWinds Hackers Guessed Passwords: CISA

January 8, 2021

The hackers who orchestrated the infamous SolarWinds attack also accessed networks by exploiting weak password practices, according to researchers with the Cybersecurity and Infrastructure Security Agency.

The SolarWinds attack generated headlines when it was discovered that sophisticated malware had been used to breach the widely used IT management software. With SolarWinds being so prominent in government IT, CISA has been investigating the incident, and is now reporting that the same hackers – thought to be affiliated with the Russian government – also gained access to government systems through techniques other than the SolarWinds malware injection.

“CISA incident response investigations have identified that initial access in some cases was obtained by password guessing, password spraying, and inappropriately secured administrative credentials accessible via external remote access services,” CISA asserts in its new report.

It’s another illustration – perhaps the most startling yet – of the weakness of password-based security in the present day. And while the primary attack method was the injection of malware through a SolarWinds update, as Nextgov reports, SolarWinds itself had reportedly been using a simple, easy-to-guess password for its own update server.

Other, more sophisticated methods of attack were also used, however, with some researchers asserting that the SolarWinds hackers even found a way to use a stolen secret key to bypass the 2FA security of the Outlook Web App.

That, like the password breaches, points to the need for highly secure authentication credentials such as biometrics, which can’t be hacked or stolen. Biometric security is gaining traction in the government sector, and as the full extent of the SolarWinds attack becomes clear, it could help to add a sense of urgency to the implementation of such security systems going forward.

Sources: Nextgov, CNET

January 8, 2020 – by Alex Perala

Copyright © 2021 FindBiometrics