Microsoft president calls SolarWinds hack an “act of recklessness”
Of 18,000 backdoored servers, hackers followed up on only a few dozen. …
reader comments
107 with 88 posters participating
Of the 18,000 organizations that downloaded a backdoored version of software from SolarWinds, the tiniest of slivers—possibly as small as 0.2 percent—received a follow-on hack that used the backdoor to install a second-stage payload. The largest populations receiving stage two were, in order, tech companies, government agencies, and think tanks/NGOs. The vast majority—80 percent—of these 40 chosen ones were located in the US.
These figures were provided in an update from Microsoft President Brad Smith. Smith also shared some insightful and sobering commentary on the significance of this almost unprecedented attack. His numbers are incomplete, since Microsoft sees only what its Windows Defender app detects. Still, Microsoft sees a lot, so any difference with actual numbers is likely a rounding error.
Crème de la crème
SolarWinds is the maker of a nearly ubiquitous network management tool called Orion. A surprisingly large percentage of the world’s enterprise networks run it. Hackers backed by a nation-state—two US senators who received private briefings say it was Russia—managed to take over SolarWinds’ software build system and push a security update infused with a backdoor. SolarWinds said about 18,000 users downloaded the malicious update.
The months-long hack campaign came to light only after security firm FireEye admitted it had been breached by a nation-state. In the course of their investigation, company researchers discovered that the hackers used the Orion backdoor, not just against FireEye, but in a much broader campaign targeting multiple federal
Continue reading – Article source
