In the first nine months of 2021, the Orion breach cost SolarWinds $40 million, the company's quarterly report from October said.
But the SolarWinds hack caused government and industry leaders to rethink how software is made and secured, giving rise to close scrutiny of the software supply chain.įor SolarWinds, the newly minted poster child of software vulnerabilities, the attack, recovery and ensuing fallout came at a cost. Instead, a private cybersecurity firm called FireEye was the first to notice the breach when it noticed that its own systems were hacked.Unlike highly regulated industries, such as the automobile or pharmaceutical sectors, software providers lack high levels of legal accountability for vulnerabilities and risks. The US Cyber Command, which receives billions of dollars in funding and is tasked with protecting American networks, was "blindsided" by the attack, the New York Times reported. Not only is the breach one of the largest in recent memory, but it also comes as a wake-up call for federal cybersecurity efforts. With access to government networks, hackers could, "destroy or alter data, and impersonate legitimate people," Bossert wrote in an Op-Ed for the New York Times. Tom Bossert, President Trump's former homeland security officer, said that it could be years before the networks are secure again. Now that multiple networks have been penetrated, it's expensive and very difficult to secure systems. Read more: 5 takeaways from the Tuesday Senate hearing over the SolarWinds cyberattack Why it matters Microsoft's Smith said during the February hearing that he believes Russia is behind the attack, and FireEye CEO Kevin Mandia said based on his company's forensic analysis, the evidence is "most consistent with espionage and behaviors we've seen out of Russia." However, the execs noted that the full extent of the attack is still unfolding. But the Biden White House has said it may respond to the cyberattack in the coming weeks, which could include actions against the Russian government. Russia has denied any involvement with the breach and former President Donald Trump had suggested, without evidence, that Chinese hackers may be the culprits. Later, the same group attacked the Democratic National Committee and members of the Hilary Clinton presidential campaign.
Russian intelligence was also credited with breaking into the email servers in the White House, the State Department, and the Joint Chiefs of Staff in 20. Read more: Former US cybersecurity chief Chris Krebs says officials are still tracking 'scope' of the SolarWinds hack Who did it?įederal investigators and cybersecurity experts say that Russia's Foreign Intelligence Service, known as the SVR, is probably responsible for the attack. Treasury Secretary Steven Mnuchin said on CNBC that the hackers have only accessed unclassified information, but the department is still investigating the extent of the breach. The IRS hasn't found any evidence of being compromised, he added. So were private companies, like Microsoft, Cisco, Intel, and Deloitte, and other organizations like the California Department of State Hospitals, and Kent State University, the Wall Street Journal reported.Īnd since the hack was done so stealthily, and went undetected for months, security experts say that some victims may never know if they were hacked or not, the Wall Street Journal reported.Īt the Treasury Department, hackers broke into dozens of email accounts and networks in the Departmental Offices of the Treasury, "home to the department's highest-ranking officials," Sen. US agencies - including parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury - were attacked.
New findings suggest a more complicated role Read more: Microsoft said its software and tools were not used 'in any way' in the SolarWinds attacks. Microsoft president Brad Smith said in a February congressional hearing that more than 80% of the victims targeted were nongovernment organizations. Since SolarWinds has many high-profile clients, including Fortune 500 companies and multiple agencies in the US government, the breach could be massive. SolarWinds told the SEC that up to 18,000 of its customers installed updates that left them vulnerable to hackers.
0 kommentar(er)
