Expert Reaction On Microsoft Says It Identified 40+ Victims Of The SolarWinds Hack

By ISBuzz Team
Writer, Information Security Buzz | Dec 22, 2020 08:03 am PST

Microsoft said it identified more than 40 of its customers that installed trojanized versions of the SolarWinds Orion platform and in whose environments hackers escalated intrusions with additional, second-stage payloads.

Ekaterina Khrustaleva
December 22, 2020 4:22 pm

SolarWinds-gate illustrates the emerging trend of sophisticated supply chain attacks. Very few, if any, organizations ever cared to verify an update's integrity till today. The question is how many other software products from different vendors were silently compromised without triggering an alert so far? How many vendors were breached and backdoored to release a malicious update upon a signal from organized crime or a nation-state cybercrime actor?

Most organizations narrow down their Third Party Risk Management program to questionnaires with boilerplate questions about obsolete, irrelevant, or one-size-fits-all security controls. Such an approach may be because of budgetary restraints; however, an organization should at least tailor risk and threat assessments for their trusted third parties, such as IT and cybersecurity vendors. Furthermore, an independent risk assessment of a vendor's attack surface and Dark Web exposure should complement the questionnaires at least on an annual basis.
