It’s been approximately 100 days since the disclosure of the attack on the SolarWinds Orion platform, and we are in a better place to understand what happened. It’s been pretty eye-opening to learn how ill-equipped prominent industry players, including cybersecurity experts, were when it came to finding, preventing and defending themselves against an attack like this.
The CEOs of FireEye, Microsoft, SolarWinds, and CrowdStrike appeared in front of a U.S. Senate panel to lay out how events unfolded and to defend their conduct in the data breach (blamed on Russian hackers), and they sought to shift responsibility elsewhere. Notably missing was Amazon, even though its AWS cloud platform was a contributing factor in how the cyber attack was executed and spread.
During the testimony, it was outlined how the SolarWinds software was hijacked and used to break into a host of other organizations, and that the hackers had been able to read Microsoft’s source code for user authentication. This exposure and subsequent manipulation of the source code led to the hack of about 100 U.S. companies and nine federal agencies. CrowdStrike went so far as to say of Microsoft’s antiquated and complicated approaches: “The threat actor took advantage of systemic weaknesses in the Windows authentication architecture, allowing it to move laterally within the network” and that “if a different methodology had been used this particular threat vector would be eliminated.”
Even if the Senate panel had pushed for a security solution for future prevention, they wouldn’t have gotten one. These organizations are too ingrained in what they know and in the tools and systems they have designed or use. In this blog we’ll recount details of the hearing, and at the end we’ll lay out why, with our ARIA ADR solution, the attack on Orion never would have happened, and thus we would not have the cascading consequences that are coming to light in its wake.
Enjoy, and see you at the end…
Your vendors and partners may be your biggest cybersecurity risk
The attack was discovered by FireEye, and only by chance, when they noticed simultaneous log-ins. He said that his company had pen test tools stolen as a…