Tag Archive for: exec

At least 1,000 engineers worked on supply chain hack, tech exec says — GCN

/in


network monitoring (nmedia/Shutterstock.com)

At least 1,000 engineers worked on supply chain hack, tech exec says

  • By Justin Katz
  • Feb 24, 2021

The scope and scale of the SolarWinds supply chain hack was made plain by Microsoft President Brad Smith when he told senators that the company estimates the breach likely took “at least a thousand” skilled and capable people to pull off.

The hack leveraged flaws in IT management software from SolarWinds and products from other vendors to inject malware into computer networks, and has affected nine federal agencies and 100 private companies. Microsoft analyzed all of the engineering required for the attack and determined it took the work of “at least a thousand very skilled, capable engineers. So we haven’t seen this kind of sophistication matched with this kind of scale,” Smith told the Senate Select Committee on Intelligence.

Many private- and public-sector cybersecurity experts have laid the blame for the attack at Russia’s feet.

“We went through all the forensics. It is not very consistent with cyber espionage from China, North Korea or Iran, and is most consistent with cyber espionage and behaviors we’ve seen out of Russia,” Kevin Mandia, CEO of FireEye, said at the Feb. 23 hearing.

George Kurtz, president and CEO of Crowdstrike, added that while his company could not corroborate an attribution to Russia, he has not seen evidence to contradict it.

The White House has continued to say the campaign is “likely Russian in origin,” but is waiting to complete a formal investigation before using more specific language. FireEye, which is credited with discovering the initial breach, has been more cautious, saying that the hack was likely the work of a state or state-sponsored actor.

Gregory Touhill, the federal government’s first chief information security officer and a retired Air Force brigadier general, said in January that formal attribution requires a level of proof that can stand up in court.

“When it comes to attribution, what the intelligence and law enforcement community has to do is …literally trace it all…

Source…

Raytheon Names Former IQT Exec as Cyber Warfare & Mission Innovations VP; Dave Wajsgras Quoted – ExecutiveBiz

/in

Raytheon Names Former IQT Exec as Cyber Warfare & Mission Innovations VP; Dave Wajsgras Quoted  ExecutiveBiz

TYSONS CORNER, VA, April 18, 2019 — Raytheon (NYSE: RTN) hired Teresa Shea, formerly executive vice president of technology at In-Q-Tel, to serve as VP …

“cyber warfare news” – read more

The ‘Internet of Things’ will cause more security problems next year, exec warns – CNBC

/in

The ‘Internet of Things’ will cause more security problems next year, exec warns  CNBC

The “internet of things” has created all sorts of problems on the cybersecurity front — and the problem may get worse soon.

“internet security news” – read more

Microsoft exec: We stopped Russia from hacking 3 congressional campaigns

/in

Microsoft’s Tom Burt talks about phishing attacks detected by Microsoft against political campaigns at the Aspen Security Summit.

In a panel discussion at the Aspen Institute’s Security Summit yesterday, Microsoft Corporate Vice President for Customer Security and Trust Tim Burt said that in the course of hunting for phishing domains targeting Microsoft customers, members of Microsoft’s security team detected a site set up by Russian actors that was being used in an attempt to target congressional candidates.

“Earlier this year,” said Burt, “we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks, and we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections.” While Burt would not disclose who the candidates were, he did say that they “were all people who, because of their positions, might have been interesting from an espionage standpoint as well as an election disruption standpoint.”

Microsoft alerted US law enforcement and worked with the government to take down the sites. “We took down that domain and, working with the government, were able to prevent anyone from being infected by that particular attack,” Burt said. “They did not get in, they tried, they were not successful, and the government security teams get a lot of credit for that.”

Read 4 remaining paragraphs | Comments

Biz & IT – Ars Technica