Microsoft president calls SolarWinds hack an “act of recklessness” | GeekComparison

Microsoft president calls SolarWinds hack a

Of the 18,000 organizations that downloaded a backdoor version of software from SolarWinds, the tiniest speck — possibly just 0.2 percent — received a follow-up hack that used the backdoor to install a second-stage payload. The largest populations to receive phase two were sequentially technology companies, government agencies and think tanks/NGOs. The vast majority – 80 percent – of these 40 chosen ones were in the US.

These numbers were provided in an update from Microsoft President Brad Smith. Smith also shared some insightful and sobering comments on the significance of this nearly unprecedented attack. Its numbers are incomplete, as Microsoft only sees what its Windows Defender app detects. Still, Microsoft sees a lot, so any difference from the actual numbers is likely a rounding error.

Crème de la crème

SolarWinds is the creator of an almost ubiquitous network management tool called Orion. A surprisingly large percentage of the world’s business networks use it. Hackers backed by a nation-state — two US senators who received private briefings say it was Russia — managed to take over SolarWinds’ software build system and push through a backdoor security update. SolarWinds said about 18,000 users downloaded the malicious update.

The months-long hacking campaign only came to light after security firm FireEye admitted it had been breached by a nation-state. During their investigation, corporate investigators discovered that the hackers were using Orion’s backdoor, not just against FireEye, but in a much broader campaign targeting multiple federal agencies. In the 10 days that have passed since then, the scope and discipline of the hacking operation has become increasingly apparent.

The hack on SolarWinds and the backdooring of 18,000 servers was only the first phase of the attack, one that was carried out only to hit the targets of interest. These crème de la crème organizations were probably the sole purpose of the entire operation, which lasted at least nine months, and possibly much longer.

The Microsoft figures illustrate how targeted this attack was. The hackers behind this supply chain compromise had privileged access to 18,000 corporate networks and tracked down just 40.

The map below shows the sector of these elite hack victims.

Microsoft

Breaking standards

Smith tacitly acknowledged that all industrialized countries are engaged in espionage, including hacking. What was different this time, he said, was that a nation-state had violated established norms by putting huge swathes of the world in real danger to pursue its goals. Smith further wrote:

It is critical that we step back and assess the importance of these attacks in their full context. This is not “espionage as usual” even in the digital age. Instead, it represents an act of recklessness that has created a serious technological vulnerability for the United States and the world. In fact, this is an attack not only on specific targets, but also on the trust and reliability of the world’s critical infrastructure to advance a country’s intelligence service. While the most recent attack appears to reflect a particular focus on the United States and many other democracies, it is also a powerful reminder that people in virtually every country are at risk and in need of protection, regardless of the governments they live under.

Elsewhere in the post, Smith quoted FireEye CEO Kevin Mandia as saying recently, “We are witnessing an attack by a nation with the highest level of offensive capabilities.” Smith then wrote:

As Microsoft cybersecurity experts help with the response, we’ve come to the same conclusion. Unfortunately, the attack represents a broad and successful espionage-based attack on both US government confidential information and the technical tools used by companies to protect it. The attack is ongoing and is being actively investigated and addressed by public and private sector cybersecurity teams, including Microsoft. As our teams act as first responders in these attacks, these ongoing investigations reveal an attack remarkable for its scope, sophistication and impact.

The SolarWinds hack is going to be one of the worst spy hacks of the past decade, if not all time. The craftsmanship and pinpoint accuracy are nothing short of amazing. As those elite victims unravel what the second phase has done to their networks in the coming weeks, this story is likely to go into hyperdrive.

Leave a Comment