Expert Reaction On Microsoft Says It Identified 40+ Victims Of The SolarWinds Hack

Microsoft said it identified more than 40 of its customers that installed trojanized versions of the SolarWinds Orion platform and where hackers escalated intrusions with additional, second-stage payloads. 

Experts Comments

December 22, 2020
Ekaterina Khrustaleva
COO
ImmuniWeb

SolarWinds-gate illustrates the emerging trend of sophisticated supply chain attacks. Very few, if any, organizations ever cared to verify an update's integrity till today. The question is how many other software products from different vendors were silently compromised without triggering an alert so far? How many vendors were breached and backdoored to release a malicious update upon a signal from organized crime or a nation-state cybercrime actor?

 

Most organizations narrow down their Third

.....Read More

SolarWinds-gate illustrates the emerging trend of sophisticated supply chain attacks. Very few, if any, organizations ever cared to verify an update's integrity till today. The question is how many other software products from different vendors were silently compromised without triggering an alert so far? How many vendors were breached and backdoored to release a malicious update upon a signal from organized crime or a nation-state cybercrime actor?

 

Most organizations narrow down their Third Party Risk Management program to questionnaires with boilerplate questions about obsolete, irrelevant, or one-size-fits-all security controls. Such an approach may be because of budgetary restraints, however, an organization should at least tailor risk and threat assessments for their trusted third parties, such as IT and cybersecurity vendors. Furthermore, an independent risk assessment of a vendor’s attack surface and Dark Web exposure should complement the questionnaires at least on the annual basis.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.