SolarWinds Hack Underscores Need For ‘Moving To The Cloud’

/in


The massive SolarWinds hack that ensnared Microsoft and thousands of SolarWinds customers underscores the importance of implementing zero trust architecture and migrating to the cloud, according to Microsoft CEO Satya Nadella.

“What SolarWinds shows is the importance … of moving to the cloud,” Nadella told CRN in an exclusive interview before Microsoft was hit by separate attacks on its on-premises Exchange Server. “A lot of the SolarWinds attack surface is because of the trust relationships sometimes that get established between the weak portions of your on-premise infrastructure—where you don’t have the operational security posture … or even when the systems are not patched—and then your cloud, and then you can sort of propagate laterally.”

Microsoft has called the SolarWinds cyberattack, identified in December, “the largest and most sophisticated attack the world has ever seen” from a software engineering perspective. Suspected Russian intelligence attackers injected malicious code into Austin, Texas-based SolarWinds’ Orion network monitoring platform that was downloaded into as many as 18,000 of its customers’ computer networks. That enabled hackers to breach at least nine federal government agencies and 100 private firms.

[RELATED: Microsoft CEO Satya Nadella’s Plan To Unlock ‘Trillions Of Dollars’ In Partner Opportunity]

The hackers used a compromised internal Microsoft account to view source code in certain Microsoft repositories and download some of that code related to Microsoft Azure, Intune and Exchange, according to Microsoft, which spends $1 billion-plus annually on its security. The compromised Microsoft account didn’t have permissions to modify any code or engineering system, and none of the code was altered, Microsoft said. After gaining access to organizations’ on-premises networks, the hackers targeted their federated identity solutions and leveraged ill-gotten privileged access and forged authentication tokens to “move laterally” to Azure Active Directory and Microsoft 365 cloud environments, according to the U.S. Cybersecurity and Infrastructure Security Agency.

“Microsoft technology was not compromised…

Source…