Security

Microsoft Illustrates the Breadth and Depth of the SolarWinds Hack

Unless you have been hiding under an air-gapped rock, the entire computing industry was set on fire this week with the announcement that SolarWinds platform had been compromised. While we are starting to learn little bits of information about the scale and damage of this attack, Microsoft has begun to share what it has learned during the past few days.

Not long after the attack was made public, Microsoft began moving aggressively with nearly every tool in its arsenal to dig up new details and stop potential threats. This isn’t all that surprising, the company has an entire business unit devoted to these tasks that is running 24/7/365 but this attack is unlike anything we have seen in recent memory.

In a post penned by Brad Smith, he highlights some of the facts that SolarWinds already shared including, 17,000 customers being impacted by the breach but also shared new data too. Specifically, that the hackers, stated to be Russian, have targeted 40 organizations of which, 80% are located in the United States.

Image #1 Expand

Map showing hotspots of SolarWinds hacks being targeted – Image Credit: Microsoft

The targeted list includes not only government agencies, but security and other technology firms. One of the more well-known companies was FireEye who announced that their system and tools had been accessed and stolen. Microsoft was said to be a victim of the attack as well but the company has since denied that allegation.

Sponsored Content

Passwords Haven’t Disappeared Yet

123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?

The full scale and damage of this hack is far from being completely understood. Over the next weeks and months, more information will surface and damage will be announced by companies who were targeted in the attacks.

Security will continue to be an evergreen challenge and as more sophisticated attacks continue to be uncovered, it’s imperative that IT Pros understand how and when to patch their enviornments.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (2)

2 responses to “Microsoft Illustrates the Breadth and Depth of the SolarWinds Hack”

  1. <p>The SANS webcast about this is definitely worth a watch. Patching is certainly important, but in this case somewhat irrelevant, since it's a software supply chain hack. On top of that, it's for software that inherently has privileged access across the network–and typically more rights than necessary. Once in, apparently they were setting up unique infrastructure for each environment to maintain persistence. This was exceedingly difficult to protect against, since it's a trusted, signed binary, and the embedded malware only started phoning home 10-14 days after install. Defense in depth, zero-trust, rigorous threat modeling, etc. all come into play, but even then, the cards are stacked in favor of the attackers if they can pull off a Manchurian Candidate-like hack on this level. </p><p><br></p><p>It's pretty amazing anyone caught it, actually. Now that they're in so many environments, removing all access is going to be quite ugly.</p>

Leave a Reply

Brad Sams has more than a decade of writing and publishing experience under his belt including helping to establish new and seasoned publications From breaking news about upcoming Microsoft products to telling the story of how a billion dollar brand was birthed in his book, Beneath a Surface, Brad is a well-rounded journalist who has established himself as a trusted name in the industry.