The SolarWinds Hack
The manual supply chain attack against SolarWinds’ Orion network monitoring platform has sent shockwaves throughout the world, with suspected Russian government hackers gaining access to U.S. government agencies, critical infrastructure entities and private sector organizations.
The injecting of malicious code into Orion between March and June 2020 allowed hackers believed to be with the Russian intelligence service, or APT29, to compromise Microsoft and FireEye, as well as U.S. Departments of Defense, State, Treasury, Homeland Security and Commerce, according to reports from Reuters and others.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered all federal civilian agencies Sunday to power down SolarWinds Orion products until all hacker-controlled accounts and identified persistence mechanisms have been removed. CISA said it has evidence of additional initial access vectors beyond SolarWinds Orion, but noted those other intrusion methods are still being investigated.
Michael Dell: Public Cloud Isn’t More Secure Than On-Premise
‘The things that led to a lot of these attacks are human-induced that can occur in a public cloud, can occur in a private cloud – it can occur anywhere,’ says Dell Technologies CEO Michael Dell.
Mimecast Axes SolarWinds Orion For Cisco NetFlow After Hack
Mimecast has decommissioned its SolarWinds Orion software and replaced it with a Cisco NetFlow monitoring system after hackers compromised a Mimecast certificate used for Microsoft authentication.
Microsoft’s Brad Smith Drags AWS, Google Over SolarWinds Response
‘There are other companies that… have not even alerted their customers or others that they were a victim of a SolarWinds-based attack. These are companies where their own infrastructure was used to launch the attack,’ says Microsoft’s Brad Smith.
AWS: SolarWinds Hackers Used Our Elastic Compute Cloud
‘The actors used EC2 just like they would use any server they could buy or use anywhere (on-premises or in the cloud). And, in fact, the actors did use…
