Microsoft Corp. President Brad Smith has labeled the now-infamous hack of SolarWinds Worldwide LLC’s Orion software as the “largest and most sophisticated attack ever” as further details of the attack emerge.
Smith (pictured) made the comments on an interview on CBSNews’ “60 Minutes” Sunday night while also disclosing that Microsoft had assigned 500 engineers to investigate the attack. That number is half of what those behind the attack may have deployed, he added.
“When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks,” Smith said. “And the answer we came to was, well, certainly more than 1,000.”
Smith also discussed the scope of the attack, suggesting that the malicious software, which was buried in updates to SolarWinds Orion, went out to 18,000 organizations around the world.
“60 Minutes” also interviewed FireEye Inc. Chief Executive Officer Kevin Mandia. FireEye was the first to detect the attack when they were targeted themselves Dec. 8. Little was it known, at the time FireEye revealed that it had been hacked, just how big the hack would become.
“I can tell you this, if we didn’t do investigations for a living, we wouldn’t have found this,” Mandia said. “It takes a very special skill set to reverse-engineer a whole platform that’s written by bad guys to never be found.” FireEye subsequently discovered that the compromise had occurred because of malware in SolarWinds Orion Dec. 13. SolarWinds confirmed Dec. 14 that its software was at the center of the attack.
A full list of victims of the attack, all 18,000 of them, may never be fully known, but prominent victims include the U.S. Commerce and Treasury departments, Homeland Security, the State Department and the National Institutes of Health. The U.S. Energy Department and National Nuclear Security Administration were also compromised.
The “60 Minutes” report, like many media reports, focuses on the claim that the SolarWinds compromise was led by Russians but ignores evidence that Chinese hackers were also involved. In reality, both Russian and Chinese hacking groups are believed to have been involved.
Microsoft first published details that a second hacking group was also targeting SolarWinds’ software in December, while a report Feb. 2 squarely pointed the finger at Chinese hackers.
Photo: Web Summit/Flickr
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.
February 16, 2021 at 08:57AM
https://ift.tt/2OHlzIN
Microsoft's Brad Smith labels SolarWinds hack 'largest, most sophisticated attack ever' - SiliconANGLE News
https://ift.tt/2WinW4G
Bagikan Berita Ini
0 Response to "Microsoft's Brad Smith labels SolarWinds hack 'largest, most sophisticated attack ever' - SiliconANGLE News"
Post a Comment