fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Shares CodeQL Queries To Scan Code For SolarWinds-like Implants

https://open.spotify.com/show/3Gmj15x6cGrgJEzmGnDTTj

Microsoft Shares CodeQL Queries To Scan Code For SolarWinds-like Implants

Microsoft has open-sourced CodeQL queries that developers can use to scan source code for malicious implants matching the SolarWinds supply-chain attack.

In December, it was disclosed that threat actors hacked SolarWinds to modify the legitimate SolarWinds Orion platform in a supply-chain attack. This attack allowed the threat actors to gain remote access to customers’ systems who use the SolarWinds Orion network management platform.

Microsoft disclosed that their systems were compromised by this supply-chain attack and allowed the attackers to access limited amounts of source code for Azure, Exchange, and Intune.

To make sure the attackers did not modify their code, Microsoft created CodeQL queries that were used to scan their codebase for malicious implants matching the SolarWinds IOCs.

Today, Microsoft has released their SolarWinds CodeQL queries so that users can scan their source code for potential malicious implants.

“In this blog, we’ll share our journey in reviewing our codebases, highlighting one specific technique: the use of CodeQL queries to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate.”

Also Read: Personal Data Websites: 3 Things That You Must Be Informed

“We are open sourcing the CodeQL queries that we used in this investigation so that other organizations may perform a similar analysis,” announced Microsoft in a new blog post.

Using these queries, developers can check their software for malicious modifications similar to those used in the SolarWinds supply-chain attack.

CodeQL queries scan for malicious SolarWinds implants

CodeQL is a semantic code analysis engine that allows developers to query their code for syntactic data or behavior similar to specific functionality.

Semantic code analysis does not check whether source code is syntactically correct but instead matches the “meaning” of the code.

Using CodeQL, developers can build a database of functionality and syntactic elements from their codebase and query it for a particular behavior.

Developers can then share CodeQL queries publicly to allow other devs to scan their code for similar functionality.

With Microsoft’s release of SolarWinds CodeQL queries, developers can scan their source codebase for functionality or syntactic code elements that match those used by the malicious implants from the SolarWinds attack.

CodeQL query to find modified FNV-A1 hash function
CodeQL query to find modified FNV-A1 hash function

Microsoft’s CodeQL queries check for a wide range of behavior used by the SolarWinds implants, including command and control communication, a modified FNV-1A hash function, use of Windows APIs found in backdoor functionality, and “time-bomb” functionality.

Also Read: PDPA For Companies: Compliance Guide For Singapore Business

Microsoft warns that some of these CodeQL queries can find similar behavior in benign code, so it is essential to manually review any detections to ensure they are not false positives.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us