Outbound network filtering is a free tactic to help improve protection against supply chain attacks, accomplished by limiting outbound network connections to known and approved flows. This ensures a server can only communicate with pre-defined destinations on the internet, preventing the server (or the software it hosts) from communicating with cybercriminals’ command and control servers.
If a server can communicate without restriction, it's easy to exfiltrate large stores of data within a few days. This measure makes it harder for malware to "phone home" to report that it has gained a foothold in someone's environment. Blocking such connections will also create "noise," making it easier for your team to catch such attacks early.
In most cases, filtering can be implemented using existing tools and firewalls. Organisations typically start by establishing a baseline and identifying existing outbound connections. Then rules are implemented denying all unexpected connections to unknown destinations.
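The baseline-then-deny procedure described above, as an added example (not Beazley's code): it builds a per-server allowlist from observed outbound flows whose destinations a reviewer approved, then applies default-deny to later traffic and returns the denied flows for alerting. The host names, destinations, and the "host destination port" record format are constructed for illustration.

```python
from collections import Counter

# Constructed sample records, "host destination port" (not real traffic).
BASELINE_FLOWS = """\
app01 updates.vendor.example 443
app01 updates.vendor.example 443
app01 ntp.internal.example 123
db01 backup.internal.example 443
app01 cdn.oneoff.example 443
"""
# Destinations a reviewer approved after looking at the baseline (assumed input).
REVIEWED = {"updates.vendor.example", "ntp.internal.example",
            "backup.internal.example"}
# Constructed traffic seen after the rules are in place.
LATER_FLOWS = """\
app01 updates.vendor.example 443
db01 backup.internal.example 443
app01 c2.unknown.example 443
db01 updates.vendor.example 443
"""

def parse(text):
    """Return (host, destination, port) tuples, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2].isdigit():
            flows.append((parts[0], parts[1].lower(), int(parts[2])))
    return flows

def baseline(flows):
    """Step 1: count every outbound flow seen during the observation window."""
    return Counter(flows)

def build_allowlist(counts, reviewed):
    """Step 2: keep only observed flows whose destination was approved."""
    return {flow for flow in counts if flow[1] in reviewed}

def evaluate(flows, allowlist):
    """Step 3: default deny. Anything not allowlisted is blocked and reported."""
    allowed = [f for f in flows if f in allowlist]
    denied = [f for f in flows if f not in allowlist]
    return allowed, denied

if __name__ == "__main__":
    rules = build_allowlist(baseline(parse(BASELINE_FLOWS)), REVIEWED)
    _, denied = evaluate(parse(LATER_FLOWS), rules)
    for host, dest, port in denied:
        print(f"DENY+ALERT {host} -> {dest}:{port}")
```

The allowlist is keyed per server, so db01 reaching the update host is denied even though that destination is approved for app01.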
70% of SolarWinds’ clients were not impacted by the 2020 attack because the servers on which SolarWinds was installed were not able to communicate with the threat actors. This could have been 100% if their remaining clients had been as proactive about filtering for outbound connections.
Brandon Welch, Cyber Service Team Lead - West - Cyber Services
The information set forth in this communication is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Although reasonable care has been taken in preparing the information set forth in this communication, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information. Non-insurance products and services are provided by non-insurance company Beazley affiliates and independent third parties. Separate terms and conditions may apply.