Page 57 - Cyber Defense eMagazine April 2023

core SolarWinds DLL file and distributed backdoor software through SolarWinds’ official website. Using a technique called Living off the Land (LotL), the malicious DLL is called using the valid signed executable, SolarWinds.BusinessLayerHost.exe, and thus considered a trusted process. Trusted processes are not scanned by security software.


Once the malicious process was started, it began running a checklist of 9 environmental tests (see Figure 2, SolarWinds Strict Environment Check) to see if it could activate undetected.

Figure 2 SolarWinds Strict Environment Check



Fighting AI with AI


The effects on businesses attacked with weaponized AI are significant and include:

  • Ransomware Infection: Attackers use weaponized AI attacks to bypass security systems, build connections with their command & control (C&C) server, and automatically download ransomware executables.
  • Data Breach: Attackers splice sensitive data and append as hosts to computer-generated domain names and send these as DNS requests to their servers. The hostnames are reassembled into exfiltrated data.
  • Assets Under Attacker Control: Attackers control assets for illegal activity (Cryptomining/DDoS as a Service, etc.)

These cause disruption to business operations with great financial and operational impact.
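As an added example (not from the article), the following Python detector applies the DNS data-breach pattern described above from the defender's side: it scans constructed DNS query log lines and flags a client that sends many distinct, long, high-entropy hostnames under one apex domain, then reassembles the hex-encoded labels in query order so an analyst can see what left the network. The log line format, the thresholds, the two-label apex rule and the sample data are all assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log: timestamp, client, queried name, record type.
# The hex labels are constructed to mimic data spliced into hostnames; none of this is real traffic.
SAMPLE_LOG = """\
2023-04-01T10:00:01Z 10.0.0.5 www.example.com A
2023-04-01T10:00:02Z 10.0.0.5 mail.example.com A
2023-04-01T10:00:03Z 10.0.0.7 4a6f686e20536d6974682c2061636374.x7qk2p.net A
2023-04-01T10:00:04Z 10.0.0.7 206e6f20343431322d35363738203130.x7qk2p.net A
2023-04-01T10:00:05Z 10.0.0.7 302e30302055534420746f204942414e.x7qk2p.net A
2023-04-01T10:00:06Z 10.0.0.7 3b206b65793d41424344454647482d39.x7qk2p.net A
2023-04-01T10:00:07Z 10.0.0.5 cdn.example.com A
"""

def shannon_entropy(text):
    """Bits per character: short plain labels score low, encoded data scores higher."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values()) if n else 0.0

def split_name(qname):
    """Return (payload, apex). Apex = last two labels, a simplifying assumption;
    a production detector should use the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return "".join(labels[:-2]), ".".join(labels[-2:])

def detect_dns_exfil(log_text, min_payload_len=24, min_entropy=2.5, min_unique=3):
    """Flag (client, apex) pairs that emit many distinct long, high-entropy hostnames.
    Thresholds are assumptions to tune per environment; payloads keep arrival order."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, _qtype = line.split()
        payload, apex = split_name(qname)
        if len(payload) >= min_payload_len and shannon_entropy(payload) >= min_entropy:
            if payload not in seen[(client, apex)]:
                seen[(client, apex)].append(payload)
    return {key: payloads for key, payloads in seen.items() if len(payloads) >= min_unique}

def recover_hex_payload(payloads):
    """Analyst triage: reassemble hex-encoded labels in query order; None if not hex."""
    try:
        return b"".join(bytes.fromhex(p) for p in payloads).decode("ascii", errors="replace")
    except ValueError:
        return None

if __name__ == "__main__":
    for (client, apex), payloads in detect_dns_exfil(SAMPLE_LOG).items():
        print(f"{client} -> {apex}: {len(payloads)} suspicious queries")
        print("  recovered:", recover_hex_payload(payloads))
```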




