Supply chain attacks
Considering recent news, how protected are we against a TDR or AuthPoint supply chain attack when we have TDR agents and AD helper installed, plus AuthPoint Gateway if we use 2FA? All of them update on their own, so what is to prevent these being hijacked just as SolarWinds' Orion was hacked?
It is going to get to the point where ANYTHING that auto-updates can be a threat.
I cannot wait to retire!
This is one of the many reasons I won't "fully manage" firewalls via WG Cloud.
Recently, it was SolarWinds' Orion and now Kaseya. If WatchGuard gets hit and the attackers can change the TDR agent, we are screwed because it auto-updates itself. Same thing for antivirus software agents. They may turn our defenses against us.
Check out our Secplicity post about the recent Kaseya attack here: https://www.secplicity.org/2021/07/02/breaking-alert-ongoing-msp-targeted-ransomware-attack-kaseya/
Regarding the TDR Agent auto-updating, you can turn that off if you are concerned. (https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/tdr/tdr_general_settings_c.html)