Special Report: Top SolarWinds News You Might Have Missed During the Holidays

Spyware had a broader reach than originally estimated, penetration into Microsoft's network deeper than previously known, more than a dozen critical infrastructure companies affected, more

Happy New Year to all our readers and subscribers!

While you were off on a much deserved holiday, more revelations surrounding the SolarWinds hack hit the headlines. Not only was the hack’s reach broader than experts thought, the spyware also reached deeper into Microsoft’s systems than the company originally estimated, potentially gaining access to the Redmond giant’s sensitive source code. And the supply chain attack could have started months earlier than everyone believed. Check out our recap of these and other SolarWinds-related developments below.

Starting today, all of our regular daily and some of our special reports will be available only to email subscribers. Please forward this special report to your friends and colleagues so that they can sign up and gain access to this invaluable content!

Even as the SolarWinds hack appears to have affected at least 250 federal agencies and businesses, a broader reach than initially believed, the assessment among officials is that the U.S. government agencies responsible for cyber defense missed all the signs for detecting the massive espionage infiltration.

The hackers managed to dodge detection in part by exploiting the NSA’s legal prohibition from engaging in domestic surveillance, while early warning systems used by Cyber Command and NSA failed. SolarWinds has a lackluster security record, which didn’t help matters. (David E. Sanger, Nicole Perlroth and Julian E. Barnes / New York Times)

Related: CNN

Russian hackers who implanted the SUNBURST spyware into an update of SolarWinds’ Orion product were able to penetrate deeper into Microsoft’s systems than previously known, gaining access to the software giant’s potentially valuable source code.

Microsoft said it found no evidence of access to production services or customer data and no indications that its systems had been used to attack others. (Ellen Nakashima / Washington Post)

Related: The Huffington Post, Reddit-hacking, New York Times - Nicole Perlroth, VentureBeat, Reuters: World News, Bloomberg Technology, CNET News, CPO Magazine, Engadget, Sputnik News, The Verge, Dark Reading: Threat Intelligence, Bleeping Computer, SecurityWeek, MSPoweruser, Cyberscoop, The Sun, Raw Story, GeekWire Original, Petri, Windows Central, Al Jazeera English, ZDNet Security, Channel News Asia, CNN, ibtimes.sg : Top News, WebProNews, RAPPLER, TechDator, Economic Times, iTnews - Security, AlJazeera, The Hacker News, Startups News | Tech News, Tech Xplore, NDTV Gadgets360.com, The Mainichi, Gizmodo, Fox Business, Business Standard, BusinessLine - Home, Stars and Stripes, iPhone in Canada Blog, Owlysec – Cyber Security News, Gadgets Now, Cyber Kendra, WRAL Tech Wire, HackRead, HotHardware.com, ThePrint, DataBreaches.net, E Hacking News, Microsoft

The SolarWinds hack infected more than a dozen critical infrastructure companies in the electric, oil, and manufacturing industries along with three critical infrastructure original equipment manufacturers.

The attacks affected not only IT systems but also industrial control systems that manage critical functions. There is no evidence that the hackers actually used the SUNBURST backdoor to gain access to the 15 systems. (Kim Zetter / The Intercept)

Related: CPO Magazine

New evidence emerged that Russian operatives hacked into Microsoft corporate partners' computer systems and stole emails from users of Microsoft cloud services in a failed effort to hack cybersecurity company CrowdStrike.

Unlike the SolarWinds breaches, the Russians piggybacked on a Microsoft reseller’s supply chain to break into customers of Microsoft’s Office 365. (Nicole Perlroth / New York Times)

Related: Cyber Kendra, Gadgets Now, Reuters: World News, CrowdStrike, Chinanews.net, CTVNews.ca, Big News Network, Channel News Asia, CRN, Tech Insider, Engadget, The Hacker News, Slashdot, Boing Boing

The SolarWinds Orion API used to interface with all other Orion system monitoring and management products suffers from an authentication bypass vulnerability (CVE-2020-10148) that may have been leveraged by adversaries as a zero-day to deploy the SUPERNOVA malware in target environments, according to a CERT alert.

To address the vulnerability, users should update to the relevant versions of the SolarWinds Orion Platform. (Ravie Lakshmanan / The Hacker News)

Related: Reddit - cybersecurity, Sentinel One, CERT Alert

The US Cybersecurity and Infrastructure Security Agency (CISA) updated its official guidance for dealing with the SolarWinds supply chain attack, urging agencies to take SolarWinds’ Orion software offline by year-end unless they have updated to the latest version.

NSA says the updated software issued by the company eliminates the previously identified malicious code. (Catalin Cimpanu / ZDNet)

Related: Cyber NJ, Bleeping Computer, Security Affairs, Anomali Blog, CISA, The Mac Observer

The SolarWinds breach may have started months earlier than originally estimated, according to Senator Mark Warner (D-VA), who serves as Vice-Chair of the Senate Intelligence Committee.

Government agencies and FireEye peg the initial “burrowing” of infected software into government agencies as happening in March, although it may have started earlier, Warner said. (Mark Hosenball / Reuters)

Related: Silicon UK, Reuters, Channel News Asia

Photo by NASA - NASA, Public Domain, https://commons.wikimedia.org/w/index.php?curid=6422993