Microsoft president Brad Smith said Tuesday that the spectacular SolarWinds hack, where cybersecurity experts blame Russia, likely required extensive and disciplined efforts by more than 1,000 software engineers. ..
Smith said in a Senate intelligence hearing that he had no ability to gather such efforts other than Russian intelligence and branded it “reckless” due to the wide range of threats to the planet.
Microsoft, one of more than 100 companies, was attacked by hacks and left 18,000 vulnerable, but the work required to inject malware into the widely used security software created by SolarWinds. Was analyzed.
“We asked ourselves how many engineers worked on this joint effort, and the answer we got was … at least 1,000 highly skilled and talented engineers.
“I’ve never seen this kind of sophistication comparable to this kind of scale,” he said.
Smith compared previous hacks from groups backed by Russia and other governments to a thief breaking into one apartment.
The SolarWinds case was different, he said: it was like a thief who “manages to turn off the alert system for every house and every building throughout the city.”
“The safety of everyone is at stake, and that’s what we’re working on here,” he said.
The hack was discovered by computer security company FireEye in December after breaking into computers around the world.
Among the invading US government agencies were the National Security Agency, the State Department, the Commerce Department, and the Treasury Department.
The Washington Post reported Tuesday that the Biden administration is considering options to punish Moscow for hacking and other “malicious” activities.
Last week, White House senior cybersecurity adviser Anneuberger said her team was “overall” looking at retaliation.
“This is not the only case of malicious cyber activity that is likely to be of Russian origin, both for us and for our allies and partners,” she said.
At a Senate hearing, FireEye CEO Kevin Mandia described hacking as the culmination of “decades” of effort by attackers.
He said the staff took thousands of hours to discover the bug, not after disassembling and decompiling thousands of files on the SolarWinds server.
“This wasn’t the first place you saw, this was the last place you looked for an insert,” he said.
Sudhakar Ramakrishna, CEO of SolarWinds, said months after months of how hackers ported malware along the software supply chain when the finished code was tailored to the configuration of downstream users. Said he hadn’t found it yet. ..
“We understand the significance of the situation,” he said.
In hearings, both tech company officials and legislators said the breadth of SolarWinds hacks shows that companies that discover that hackers have invaded need a mandatory reporting system. ..
Companies can now voluntarily report to Department of Homeland Security cybersecurity personnel, but there are also proposals to legally require them to do so in order to detect future threats early.
“Victims of such cyberattacks appear to have an obligation to share what they know and learn with the appropriate authorities,” said Senator John Cornyn.
“There must be a way for people responding to the breach to share data quickly to protect the country and the industry,” Mandia said.
SolarWinds Hack Required Massive, Sophisticated Effort: Microsoft CEO Source link SolarWinds Hack Required Massive, Sophisticated Effort: Microsoft CEO