Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Security

Microsoft Illustrates the Breadth and Depth of the SolarWinds Hack

Unless you have been hiding under an air-gapped rock, the entire computing industry was set on fire this week with the announcement that SolarWinds platform had been compromised. While we are starting to learn little bits of information about the scale and damage of this attack, Microsoft has begun to share what it has learned during the past few days.

Not long after the attack was made public, Microsoft began moving aggressively with nearly every tool in its arsenal to dig up new details and stop potential threats. This isn’t all that surprising, the company has an entire business unit devoted to these tasks that is running 24/7/365 but this attack is unlike anything we have seen in recent memory.

In a post penned by Brad Smith, he highlights some of the facts that SolarWinds already shared including, 17,000 customers being impacted by the breach but also shared new data too. Specifically, that the hackers, stated to be Russian, have targeted 40 organizations of which, 80% are located in the United States.

Image #1 Expand

Map showing hotspots of SolarWinds hacks being targeted – Image Credit: Microsoft

The targeted list includes not only government agencies, but security and other technology firms. One of the more well-known companies was FireEye who announced that their system and tools had been accessed and stolen. Microsoft was said to be a victim of the attack as well but the company has since denied that allegation.

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

The full scale and damage of this hack is far from being completely understood. Over the next weeks and months, more information will surface and damage will be announced by companies who were targeted in the attacks.

Security will continue to be an evergreen challenge and as more sophisticated attacks continue to be uncovered, it’s imperative that IT Pros understand how and when to patch their enviornments.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (2)

2 responses to “Microsoft Illustrates the Breadth and Depth of the SolarWinds Hack”

  1. <p>The SANS webcast about this is definitely worth a watch. Patching is certainly important, but in this case somewhat irrelevant, since it's a software supply chain hack. On top of that, it's for software that inherently has privileged access across the network–and typically more rights than necessary. Once in, apparently they were setting up unique infrastructure for each environment to maintain persistence. This was exceedingly difficult to protect against, since it's a trusted, signed binary, and the embedded malware only started phoning home 10-14 days after install. Defense in depth, zero-trust, rigorous threat modeling, etc. all come into play, but even then, the cards are stacked in favor of the attackers if they can pull off a Manchurian Candidate-like hack on this level. </p><p><br></p><p>It's pretty amazing anyone caught it, actually. Now that they're in so many environments, removing all access is going to be quite ugly.</p>

Leave a Reply

Brad Sams has more than a decade of writing and publishing experience under his belt including helping to establish new and seasoned publications From breaking news about upcoming Microsoft products to telling the story of how a billion dollar brand was birthed in his book, Beneath a Surface, Brad is a well-rounded journalist who has established himself as a trusted name in the industry.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: