Well, on the bright side, the SolarWinds Sunburst attack will spur the cybersecurity field to evolve all over again
SolarWinds releases known attack timeline but new data suggests hackers may have done a dummy run last year
Trump administration says Russia behind SolarWinds hack. Trump himself begs to differ
This is the best summary I’ve seen so far:
The US has suffered a massive cyberbreach. It’s hard to overstate how bad it…
This is a security failure of enormous proportions – and a wake-up call. The US must rethink its cybersecurity protocols
Although updates continue to come in:
Suspected Russian hackers used Microsoft vendors to breach customers
The suspected Russian hackers behind the worst U.S. cyber attack in years leveraged reseller access to Microsoft Corp services to penetrate targets that had no compromised network software from SolarWinds Corp, investigators said.
My oh-so-humble opinion on this one is that there is no substitute for knowing your s**t. Outsource at your own risk, because this is war, and the the bad guys are playing to kill.
Sounds like the rats are in every corner of the ship…
We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.
SolarWinds mess that flared in the holidays: Biz confirms malware targeted crocked Orion product
U.S. intelligence agencies say Russia likely behind hacking of government agencies
[…]
The lawsuit also points out that SolarWinds’ update server was at one time only protected by the insanely bad password solarwinds123, which was not a great indication of security being taken seriously.
[…]
US courts system fears SolarWinds snafu could have let state hackers poke about in sealed case documents
The SolarWinds hack exposed sealed US court documents – which could have a serious effect on Western sanctions against state-backed hackers.
[…]
SolarWinds takes a leaf out of Zoom’s book, hires A-Team of Stamos and Krebs to sort out its security woes
[…]
On Friday the news broke that Chris Krebs, formerly the head of the US government’s Cybersecurity and Infrastructure Security Agency (CISA) until he was fired by presidential tweet for saying the American election wasn’t hacked, has started a consultancy with former Facebook and Yahoo ! security chief Alex Stamos. The two say that they have already been hired by SolarWinds and it’s a long-term contract.
[…]
https://www.schneier.com/blog/archives/2021/01/injecting-a-backdoor-into-solarwinds-orion.html
So the Bad Guys got right into the compile chain at SolarWinds… tricky…
This, of course, reminds many of us of Ken Thompson’s thought experiment from his 1984 Turing Award lecture, “Reflections on Trusting Trust.”
Yup… it gets worse…
https://www.reuters.com/article/us-cyber-solarwinds-china-idUSKBN2A22K8
While the alleged Russian hackers penetrated deep into SolarWinds network and hid a “back door” in Orion software updates which were then sent to customers, the suspected Chinese group exploited a separate bug in Orion’s code to help spread across networks they had already compromised, the sources said.
…via…
https://www.schneier.com/blog/archives/2021/02/another-solarwinds-orion-hack.html
Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack
[…]
If anyone understands the havoc 1,000 developers can create, it’s Microsoft.
[…]
Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds…
So, what I want to see is an immediate decision from Canada’s Privacy Commissioner that anyone who has had SolarWinds on their system is in breach of Canada’s PIPEDA laws. Ditto the GDPR. How is it that you use a piece of software which, aside from the immediate breach of security it represents, could have been used to stash back doors in your systems, and still call yourself in any way “compliant”?
Our school board got hit by a ransomware attack last month. Guess what? They used SolarWinds… My bet is that we see a lot more of this.
If we don’t, then the criminals have really let their game slip…