Jack Rhysider
So hackers broke into a company and copied the source code for that product.
But yeah, Sophos' main product is their firewall.
This is a network device that will act as a wall between a protected network and an unprotected one.
Out of the box, nothing is allowed to pass.
You have to tell it exactly what you want to allow through because the point of a firewall is to stop unwanted traffic from coming into your network.
And believe me, there's a lot of unwanted traffic that's always trying to get into our networks.
And in 2014, they bought another company called Cyberoam, which was also making an interesting security product.
And it was this newly acquired Cyberoam network which was the victim of this attack.
Someone had gotten into Cyberoam and was looking for their source code and found it for one of their products. Craig and his team had to go clean up that intrusion.
The attackers had really unique methods for getting in, not methods that were publicly known at the time, super sneaky and crafty ways to get into a network.
And they got in through multiple ways.
And then when they got in, they were able to move laterally in really unique ways too, so unique that the Sophos team had no idea that stuff was even possible.
It was like exploiting bugs in the way AWS handles identity.
One problem, though, is that they didn't have enough monitoring at first to know exactly what these hackers saw or took.
They assumed because they got access to the repository with the source code that they took the source code, but they were unsure.
So they had to enable a lot more logging and monitoring to fully eradicate them from the Cyberoam network.
Andrew wrote this attack up because it was so interesting and new and published it on the Sophos blog, but didn't say who the target was.