Expert Reaction On Microsoft Says It Identified 40+ Victims Of The SolarWinds Hack

Microsoft said it identified more than 40 of its customers that installed trojanized versions of the SolarWinds Orion platform and in which the attackers escalated the intrusion with additional, second-stage payloads.

Ekaterina Khrustaleva
InfoSec Expert
December 22, 2020 4:22 pm

SolarWinds-gate illustrates the emerging trend of sophisticated supply chain attacks. Very few, if any, organizations ever cared to verify an update's integrity till today. The question is how many other software products from different vendors were silently compromised without triggering an alert so far? How many vendors were breached and backdoored to release a malicious update upon a signal from organized crime or a nation-state cybercrime actor?

Most organizations narrow down their Third Party Risk Management program to questionnaires with boilerplate questions about obsolete, irrelevant, or one-size-fits-all security controls. Such an approach may be because of budgetary restraints; however, an organization should at least tailor risk and threat assessments for their trusted third parties, such as IT and cybersecurity vendors. Furthermore, an independent risk assessment of a vendor's attack surface and Dark Web exposure should complement the questionnaires at least on an annual basis.

Last edited 1 year ago by Ekaterina Khrustaleva
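The comment above observes that few organizations verify an update's integrity before installing it. The following is an added example (not code from the commenter, from Information Security Buzz, or from SolarWinds) of the minimum such a check involves: streaming a downloaded installer through SHA-256, comparing the digest in constant time against a vendor-published sha256sum-style manifest, and refusing anything the manifest does not list. The file name `Orion-Update.msi`, the installer bytes and the manifest are all constructed for the example; a real manifest would be fetched from the vendor over a separate, authenticated channel rather than derived locally as it is here so the script runs offline. One caveat a practitioner should keep in mind: a digest or signature match proves only that the file is what the vendor released. The trojanized SolarWinds DLL carried a valid SolarWinds code signature because the build pipeline itself was compromised, so this check catches tampering after release, not a poisoned build.

```python
import hashlib
import hmac
import io
from typing import BinaryIO, Dict


def sha256_stream(fh: BinaryIO, chunk_size: int = 1 << 20) -> str:
    """Hash a file-like object in chunks so a multi-gigabyte installer
    does not have to be read into memory at once."""
    h = hashlib.sha256()
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse sha256sum-style lines: '<64 hex chars>  <filename>'.
    Blank lines and '#' comments are ignored; anything else is an error,
    because a silently skipped entry would let an unlisted file through."""
    entries: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")  # sha256sum uses two spaces
        digest, name = digest.strip().lower(), name.strip()
        hex_ok = len(digest) == 64 and all(c in "0123456789abcdef" for c in digest)
        if not sep or not hex_ok or not name:
            raise ValueError(f"malformed manifest line: {raw!r}")
        entries[name] = digest
    return entries


def verify_update(name: str, data: bytes, manifest: Dict[str, str]) -> bool:
    """Return True only if `name` is listed in the manifest and `data`
    hashes to the listed digest. Unlisted artifacts are rejected rather
    than trusted by default."""
    expected = manifest.get(name)
    if expected is None:
        return False
    actual = sha256_stream(io.BytesIO(data))
    # constant-time comparison avoids leaking how many leading bytes matched
    return hmac.compare_digest(actual, expected)


# --- Constructed sample inputs (not real SolarWinds artifacts) -------------
GOOD_UPDATE = b"constructed sample installer bytes, not a real Orion build\n"
# Simulate a post-release modification of the same file.
TAMPERED_UPDATE = GOOD_UPDATE.replace(b"real", b"r3al")
# Hypothetical vendor manifest. Derived from GOOD_UPDATE here so the example
# runs offline; in production it must come from the vendor out of band.
VENDOR_MANIFEST = (
    "# sha256  filename\n"
    + hashlib.sha256(GOOD_UPDATE).hexdigest()
    + "  Orion-Update.msi\n"
)


def run_demo() -> Dict[str, bool]:
    """Exercise the check against the good, tampered and unlisted cases."""
    manifest = parse_manifest(VENDOR_MANIFEST)
    return {
        "good": verify_update("Orion-Update.msi", GOOD_UPDATE, manifest),
        "tampered": verify_update("Orion-Update.msi", TAMPERED_UPDATE, manifest),
        "unlisted": verify_update("Orion-Hotfix.msi", GOOD_UPDATE, manifest),
    }


if __name__ == "__main__":
    for case, ok in run_demo().items():
        print(f"{case:9s} -> {'accept' if ok else 'REJECT'}")
```

In practice the manifest itself needs to be authenticated (a vendor signature on the manifest, or pinning it from a channel independent of the download mirror), otherwise an attacker who can swap the installer can swap the digests as well.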