The SolarWinds Hack
The manual supply chain attack against SolarWinds’ Orion network monitoring platform has sent shockwaves throughout the world, with suspected Russian government hackers gaining access to U.S. government agencies, critical infrastructure entities and private sector organizations.
The injecting of malicious code into Orion between March and June 2020 allowed hackers believed to be with the Russian intelligence service, or APT29, to compromise Microsoft and FireEye, as well as U.S. Departments of Defense, State, Treasury, Homeland Security and Commerce, according to reports from Reuters and others.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered all federal civilian agencies Sunday to power down SolarWinds Orion products until all hacker-controlled accounts and identified persistence mechanisms have been removed. CISA said it has evidence of additional initial access vectors beyond SolarWinds Orion, but noted those other intrusion methods are still being investigated.
Michael Dell: Public Cloud Isn’t More Secure Than On-Premise
‘The things that led to a lot of these attacks are human-induced that can occur in a public cloud, can occur in a private cloud – it can occur anywhere,’ says Dell Technologies CEO Michael Dell.
Mimecast Axes SolarWinds Orion For Cisco NetFlow After Hack
Mimecast has decommissioned its SolarWinds Orion software and replaced it with a Cisco NetFlow monitoring system after hackers compromised a Mimecast certificate used for Microsoft authentication.
Microsoft’s Brad Smith Drags AWS, Google Over SolarWinds Response
‘There are other companies that... have not even alerted their customers or others that they were a victim of a SolarWinds-based attack. These are companies where their own infrastructure was used to launch the attack,’ says Microsoft’s Brad Smith.
AWS: SolarWinds Hackers Used Our Elastic Compute Cloud
‘The actors used EC2 just like they would use any server they could buy or use anywhere (on-premises or in the cloud). And, in fact, the actors did use several different service providers in this manner,’ AWS tells CRN.
SolarWinds To Spend Up To $25M On Security Following Attack
SolarWinds says the money will be put toward security initiatives as well as used to cover higher costs around both insurance and professional fees stemming from the massive cyberattack.
Partners: AWS Must Come Clean On Role In SolarWinds Hack
‘I do wonder whether AWS has made a judgment error in not coming out to publicly defend their position in this high-profile case with such far reaching consequences,’ says Karl Robinson of AWS partner Logicata.
10 Boldest Statements From The SolarWinds Senate Hearing
Senators and tech executives discussed how the SolarWinds hackers used AWS’ infrastructure, took advantage of Microsoft’s authentication process, dwelled in FireEye’s systems and remained undetected for months.
U.S. Senators: AWS Infrastructure Used In SolarWinds Attack
‘The operation we’ll be discussing today uses [Amazon’s] infrastructure, [and], at least in part, required it to be successful. Apparently they were too busy to discuss that here with us today,’ says Sen. Marco Rubio, R-Fla.
U.S. Plans Russian Sanctions For SolarWinds Breach: Report
The Biden administration plans to classify the SolarWinds campaign as ‘indiscriminate’ and ‘disruptive’ to distinguish it from espionage activities the U.S. conducts against adversaries, The Washington Post reported.
Microsoft On-Premises Warning: Customers Must Protect Their Own Identity Infrastructure
‘We were also reminded of the importance of cloud technology over on-premises software. Cloud technologies like Microsoft 365, Azure and the additional premium layers of services available as part of these solutions improve a defender’s ability to protect their own environment,’ writes Vasu Jakkal, Microsoft’s corporate vice president of security, compliance and identity, in a blog post.
SolarWinds Hackers Kept Going After Microsoft Until January
The SolarWinds hackers first viewed a file in a Microsoft source repository in November, and were able to download source code for its Azure, Exchange and Intune cloud-based products.
SolarWinds MSP Building New IT Systems Prior To N-able Launch
‘As we look to design the new N-able systems, we‘re going to have the benefit of all that [threat actor] knowledge and these world class experts to help us design this,’ says SolarWinds MSP President John Pagliuca.
SolarWinds MSP Hunts For New Security Chief Following Split
‘Tim [Brown, VP of Security] has been a fantastic advisor to the 25,000 MSPs that we have. So, we’re bummed. But we understand. So, we’re looking to see if we can clone him,’ says SolarWinds MSP President John Pagliuca.
10 Bold Statements From SolarWinds MSP After The Orion Hack
From comments on switching up CEOs and weeks of silence to building new IT systems and giving MSPs free security products, here’s a look at 10 notable remarks made by SolarWinds MSP President John Pagliuca and VP of Security Tim Brown.
SolarWinds Hacked From Inside U.S., 100+ Orgs Compromised
‘As a country, we choose to have both privacy and security. [As a result], the intelligence community largely has no visibility into private sector networks,’ says Anne Neuberger, a top Biden administration cybersecurity official.
Microsoft: No Evidence SolarWinds Was Hacked Via Office 365
‘The wording of the SolarWinds 8K [regulatory] filing was unfortunately ambiguous, leading to erroneous interpretation and speculation, which is not supported by the results of our investigation,’ Microsoft said Thursday.
Alex Stamos Attributes SolarWinds Hack To Russian Intel Service
New SolarWinds consultant Alex Stamos says the Russian foreign intelligence service is responsible for the massive hacking effort, although SolarWinds itself isn’t attributing the attacks to a specific group or nation.
SolarWinds CEO Confirms Office 365 Email ‘Compromise’ Played Role In Broad Based Attack
SolarWinds CEO Sudhakar Ramakrishna has verified suspicious activity in its Office 365 environment, with a company email account compromised and used to access accounts of targeted SolarWinds staff in business and technical roles.
Mimecast To Lay Off 80 Workers Weeks After Disclosing Hack
Mimecast CEO Peter Bauer says cutting 4 percent of its workforce will help the company provide more resources to enterprises while leveraging automation and efficiency for mid-market and SMB customers.
Kevin Mandia: Discovering SolarWinds Hack ‘Validates Our Intelligence and Expertise’
‘This breach got everybody to recognize there‘s a way to compromise some of the most secure organizations on the planet in a surreptitious way, and that alarmed people,’ says FireEye CEO Kevin Mandia.
Chinese Hackers Exploit SolarWinds To Steal Federal Payroll Info: Report
Suspected Chinese hackers took advantage of another SolarWinds Orion vulnerability to spread across networks and break into computers at the National Finance Center and other U.S. agencies, Reuters said.
Sophos CEO Kris Hagerman’s 10 Boldest Remarks From Best Of Breed Virtual Winter 2021
From surging sales and profitability and securing the supply chain to combating complexity and doubling down on detection and response, here’s a look at 10 notable statements made by Sophos CEO Kris Hagerman.
SolarWinds Hack ‘One Of The Most Dramatic’ In Last Decade: Sophos CEO
‘You cannot think about your security only in the context of, ‘How well am I secured?’ You’ve got to go beyond that to say, ‘How well am I secured and how well am I securing everything that I connect to?’’ says Sophos CEO Kris Hagerman.
Fidelis Targeted By SolarWinds Hackers After Installing Orion
Fidelis Cybersecurity was a target of interest to the SolarWinds hackers after downloading an evaluation copy of trojanized SolarWinds Orion network monitoring software in May, the company disclosed Tuesday.
Mimecast Breach Linked To SolarWinds Hack, Allowed Cloud Services Access
Mimecast said Tuesday that its certificate compromise was carried out by the same threat actor behind the SolarWinds attack and provided hackers with access to customers’ on-premises and cloud services.
5 Security Vendors That Have Reported Cyberattacks Since December
Five cybersecurity vendors disclosed in recent weeks that hackers have attacked their internal systems, compromised their certificates or attempted to access their email accounts. Here’s a rundown of what happened when.
SolarWinds Hackers Access Malwarebytes’ Office 365 Emails
‘Attackers leveraged a dormant email production product within our Office 365 tenant that allowed access to a limited subset of internal company emails,’ Malwarebytes CEO Marcin Kleczynski wrote in a blog post.
SolarWinds Hack Could Cost Cyber Insurance Firms $90 Million
‘Although the SolarWinds attack is a cyber catastrophe from a national security perspective, insurers may have narrowly avoided a catastrophic financial incident to their businesses,’ says BitSight’s Samit Shah.
5 Things To Know About The Mimecast Hack And Stock Drop
From the type of certificate likely compromised to the impact of this hack on Mimecast’s email security rivals to whether the attack is tied to the SolarWinds breach, here are five big things to know about the Mimecast hack.
Hackers Compromise Mimecast Certificate For Microsoft Authentication
The certificate used to authenticate Mimecast’s Sync and Recover, Continuity Monitor and Internal Email Protect (IEP) products to Microsoft 365 has been compromised by a sophisticated threat actor.
Hackers Taunt FireEye’s Kevin Mandia At Home With Postcard: Report
The FBI is investigating a mysterious postcard sent to CEO Kevin Mandia’s home days after FireEye found initial evidence of a hacking operation on federal agencies and private businesses, Reuters reports.
SolarWinds CEO: Attack Was ‘One Of The Most Complex And Sophisticated’ In History
Hackers first accessed SolarWinds in September 2019 and went out of their way to avoid being detected by the company’s software development and build teams, SolarWinds CEO Sudhakar Ramakrishna says.
SolarWinds’ New CEO Will Make These 5 Changes Post-Hack
From resetting privileged credentials and re-signing all digital certificates to manually checking source code and rolling out threat hunting software, here are five critical security improvements new SolarWinds CEO Sudhakar Ramakrishna plans to make.
SolarWinds Fights Back With Chris Krebs, Alex Stamos Hires
‘Armed with what we have learned of this attack, we are also reflecting on our own security practices and seeking opportunities to enhance our posture and policies. We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review,’ SolarWinds tells CRN.
SolarWinds Hackers Compromise Confidential Court Filings
The Russian hackers behind the SolarWinds attack have apparently compromised the federal courts’ electronic case filing system, putting ‘highly sensitive non-public documents’ at great risk.
SolarWinds To Pay Ex-CEO $312K To Assist With Investigations
SolarWinds has agreed to pay former CEO Kevin Thompson $62,500 for each of the next five months as the embattled company faces a likely wave of lawsuits and government probes into its conduct around the hack.
SolarWinds Hackers Got Into U.S. Justice Department’s Emails
‘At this point, the number of potentially accessed Office 365 mailboxes appears limited to around 3 percent, and we have no indication that any classified systems were impacted,’ the Justice Department announces.
Feds: SolarWinds Breach Is Likely Russian Intel Gathering Effort
Nearly ten U.S. government agencies experienced follow-on activity on their systems after being compromised through a malicious SolarWinds Orion update, the Cyber Unified Coordination Group says.
SolarWinds Hit With Class-Action Lawsuit Alleging Securities Violations
The first class-action lawsuit brought against SolarWinds following its colossal breach accuses the company of making materially false and misleading statements about its security posture throughout 2020.
SolarWinds Hackers Gain Access To Microsoft’s Source Code
One Microsoft account compromised by suspected Russian hackers had been used to view source code in a number of source code repositories, but none of the code itself was altered, Microsoft disclosed Thursday.
Here Are 24 Reported Victims Of The SolarWinds Hack (So Far)
From tech giants, internet service providers and IT solution providers to federal agencies and county governments, here’s a deeper look at 24 of the publicly identified victims of the colossal SolarWinds hack.
CrowdStrike Fends Off Attack Attempted By SolarWinds Hackers
The suspected Russian hackers behind the massive SolarWinds attack attempted to hack CrowdStrike through a Microsoft reseller’s Azure account but were ultimately unsuccessful, CrowdStrike says.
Five Solution Providers Breached By SolarWinds Hackers: Researchers
The SolarWinds hackers called for proceeding with the second stage of their attack on Stratus Networks, Digital Sense, ITPS and Netdecisions, and had an unknown response to compromising Deloitte, Truesec says. Digital Sense said it wasn’t impacted by the campaign since the company doesn’t use SolarWinds.
Top Treasury Email Accounts Exposed In SolarWinds Hack: Report
The hackers performed a complex step inside Microsoft Office 365 to create an encrypted “token” that tricked the Treasury’s system into thinking the hackers were legitimate users, The New York Times said.
Microsoft: A 2nd Group May Have Also Breached SolarWinds
A ‘different threat actor’ may be responsible for the malware known as Supernova that has been found installed in SolarWinds Orion.
Kevin Mandia: 50 Firms ‘Genuinely Impacted’ By SolarWinds Attack
FireEye CEO Kevin Mandia acknowledges the SolarWinds hack ‘is an attack very consistent with’ what the Russian foreign intelligence service is known for, but didn’t want to officially blame the campaign on them.
Intel, Nvidia Swept Up In SolarWinds Attack: WSJ
The chipmakers say they are investigating the impact of downloading a software update containing malicious code for SolarWinds Orion — the trigger that has left many SolarWinds customers vulnerable — though there is no evidence of any negative impact.
Unclassified Treasury Systems Hit By SolarWinds Hack: Mnuchin
‘At this point, we do not see any break-in into our classified systems. Our unclassified systems did have some access,’ Secretary of the Treasury Steve Mnuchin tells CNBC Monday morning.
Trump Downplays SolarWinds Hack, Pompeo Blames Russia
‘Russia, Russia, Russia is the priority chant when anything happens because Lamestream [Media] is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!),’ Trump tweeted.
Cisco Hacked Through SolarWinds As Tech Casualties Mount
Roughly two dozen computers in a Cisco lab were compromised through malicious SolarWinds Orion updates, Bloomberg reported. Cisco says there isn’t currently any known impact to its offers or products.
Datto Offers All MSPs Free Scanner To Find Signs Of FireEye, SolarWinds Hack
‘Now is a time to remain vigilant and take an active role in hardening systems against these, now known, tactics,’ Datto CISO Ryan Weeks writes in a blog post announcing the scanner.
VMware Flaw Used To Hit Choice Targets In SolarWinds Hack: Report
A VMware vulnerability that allowed federated authentication abuse was used by the SolarWinds hackers to attack valuable targets, KrebsOnSecurity said. VMware said it didn’t have any indication of this happening.
SolarWinds Should Have Been More ‘Vigilant’: Palo Alto Networks CEO
‘I am not going to give them a free pass,’ says Palo Alto Networks CEO Nikesh Arora. ‘They should have been more vigilant and diligent, but I think this is a very sophisticated, very complex attack. The fact they (the Russians) got in there not only did they do sophisticated things, they also got lucky that this is a piece of software which then went unnoticed for six to nine months, and now it’s embedded in the infrastructure of thousands of customers.’
SolarWinds Hack Compromised 40-plus Microsoft Customers
A decisive plurality – 44 percent – of the Microsoft customers compromised through SolarWinds are actually in the IT sector, and include software and security firms as well as IT services and equipment providers.
Microsoft Breached Via SolarWinds As Scope Of Destruction Widens: Report
Suspected Russian hackers capitalized on Microsoft’s wide use of SolarWinds to infiltrate the software giant, and then used Microsoft’s own products to further their attacks on other victims, Reuters said. Microsoft pushed back on the report.
SolarWinds Deploys CrowdStrike To Secure Systems After Hack
SolarWinds says its breached Orion network monitoring platform now meets the security requirements of U.S. federal and state agencies following the release of a final hotfix Tuesday night.
Feds: SolarWinds Attack ‘Poses a Grave Risk’ To Government, Business
The U.S. government says it has evidence of additional initial access vectors beyond the SolarWinds Orion supply chain compromise, but noted that those other attack methods are still being investigated.
SolarWinds MSP To Revoke Digital Certificates For Tools, Issue New Ones As Breach Fallout Continues
‘I think they’re afraid. They’ve got liability, and they don’t know what to say, so everybody’s told to keep their mouth shut. Instead of being focused on the issue at hand, they’re worried about lawsuits,” SolarWinds MSP partner Rich Delany tells CRN.
SolarWinds Hack ‘One Of The Worst In The Last Decade’: Analyst
‘There are a lot of white knuckles around this attack ... Even though much of it is unknown, right now people are fearing the worst,’ Daniel Ives of Wedbush Securities tells CRN.
Malware Used In SolarWinds Attack Can Now Be Blocked: FireEye
‘Under certain conditions, the malware would terminate itself and prevent further execution... This killswitch will affect new and previous... infections by disabling... deployments that are still beaconing to avsvmcloud[.]com,’ FireEye tells CRN.
Microsoft’s Role In SolarWinds Breach Comes Under Scrutiny
Microsoft has become ensnared in probes surrounding the colossal U.S. government hack, with media reports and company messages focusing on Office 365, Azure Active Directory and a key domain name.
$286M Of SolarWinds Stock Sold Before CEO, Hack Disclosures
Silver Lake and Thoma Bravo said they weren’t aware of the cyberattack at the time of the sale, but didn’t respond to questions about whether they knew Sudhakar Ramakrishna had been selected as SolarWinds’ next CEO.
10 Things To Know About The SolarWinds Breach And Its U.S. Government Impact
From how nation-state hackers evaded detection to why federal agencies were ordered to immediately power down Orion to its impact on the SolarWinds MSP business, here are the most important things to know about the SolarWinds breach.
Homeland Security Latest Breach Victim Of Russian Hackers: Report
A spokesman said the Department of Homeland Security is aware of reports of a breach and is currently investigating the manner. The U.S. Treasury and Commerce Departments were also reportedly hacked.
US Calls On Federal Agencies To Power Down SolarWinds Orion Due To Security Breach
An emergency directive issued by the U.S. government calls on all federal civilian agencies to disconnect or power down SolarWinds Orion IT management tools because they are being used to facilitate an active exploit.
Infected SolarWinds Updates Used To Compromise Multiple Organizations: FireEye
Nation-state hackers gained access to government, consulting, technology and telecom firms around the world through trojanized updates to SolarWinds’ Orion network monitoring tool, according to FireEye .
8 Big Things To Know About The State-Sponsored FireEye Hack
From who’s suspected to be behind the FireEye hack and how they remained hidden, to what FireEye and intelligence officials are doing to minimize the fallout from the attack, here’s a look at what partners need to know.
FireEye Hacked By Nation-State Group Seeking Government Info
‘This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye,’ says CEO Kevin Mandia.