It has been reported that the state-sponsored hackers who breached US software provider SolarWinds earlier this year pivoted to Microsoft’s internal network, and then used Microsoft’s own products to further their attacks against other companies. Reports have also stated that Microsoft has identified more than 40 of its customers that installed trojanised versions of the SolarWinds Orion platform and in which the hackers escalated the intrusions with additional, second-stage payloads. The OS maker said it was able to discover these intrusions using data collected by the Microsoft Defender antivirus product, a free antivirus built into all Windows installations. Microsoft President Brad Smith said his company is now in the process of notifying all the impacted organisations, 80% of which are located in the United States, with the rest spread across seven other countries — namely Canada, Mexico, Belgium, Spain, the UK, Israel, and the UAE.
The SolarWinds and related breaches at Microsoft are the security industry’s worst-case scenario. Security products need to run with a higher level of permissions, and when breached they have the opposite effect of helping with security. All products are at this risk; security products are no different. Even with full due care there are just too many ways in; at some point something bad will happen. That said, we all must up our game around security training and monitoring for our development environments. But beyond that we need to design security products in new ways to lessen the risk of a breach and the impact when a breach occurs.
There is certainly a high probability that we will continue to see high-profile attacks like those targeting Microsoft, SolarWinds, UK and U.S. government agencies, and their customers in the foreseeable future, as the size of this breach is massive. Any organisation that would fit the profile of a ‘high-value target’ should be on the alert and redouble efforts to make sure critical systems are secure. They should initiate threat hunting and compromise assessments to assure they are not being targeted in these or other nation-state operations. We share the same belief that APT29 was behind the SolarWinds breach, as it isn’t the first time we’ve seen the Russians using this method. We saw it in the NotPetya attack in 2017 during our investigation. The amount of manpower, the time needed to prepare and the accuracy required by the threat actors make it very difficult to achieve success, but it also demonstrates what’s possible when threat actors gain access to a major vendor’s supply chain such as SolarWinds, with more than 300,000 customers.

In addition, one of the least covered stories thus far is that the U.S. is transitioning between administrations, and it is always a vulnerable time as a country. On top of that, leaders have been heads down on the election, working to combat disinformation campaigns tied to COVID-19 research and vaccine dissemination, both of which demand a great deal of attention and resources where security is concerned. Adversaries like Russia and China look for this kind of instability and distraction to exploit for their benefit. If SolarWinds, a company with a stellar reputation, is hacked, then no hygiene in the world will prevent future attacks if companies don’t have a robust, post-breach mindset and around-the-clock threat hunters on the job.