Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack

As FireEye reveals how suspicious second phone signed up for 2FA gave the game away

Microsoft president Brad Smith said the software giant’s analysis of the SolarWinds hack suggests the code behind the crack was the work of a thousand or more developers.

Speaking on US news magazine program 60 Minutes, Smith labelled the attack “the largest and most sophisticated attack the world has ever seen.”

“When we analysed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000.”

If anyone understands the havoc 1,000 developers can create, it’s Microsoft.

Smith didn’t say who those 1,000 developers worked for, but compared the SolarWinds hack to attacks on Ukraine that had been widely attributed to Russia (which denies involvement).

“What we are seeing is the first use of this supply chain disruption tactic against the United States,” he said. “But it’s not the first time we’ve witnessed it. The Russian government really developed this tactic in Ukraine.”

The 60 Minutes segment also featured FireEye CEO Kevin Mandia. FireEye also fell foul of the SolarWinds attack and Mandia revealed how his firm spotted the attack when an attempt at two-factor authentication raised suspicion.

“A FireEye employee was logging in, but the difference was our security staff looked at the login and we noticed that individual had two phones registered to their name,” he said. “So our security employee called that person up and we asked, ‘Hey, did you actually register a second device on our network?’ And our employee said, ‘No. It wasn’t, it wasn’t me’.”

That admission led to further probing and eventually to SolarWinds, then to FireEye’s disclosure of Orion’s compromise.

60 Minutes also dropped a little nugget of insight by revealing that 4,032 lines of code were at the core of the crack.

Others featured in the segment opined that it exploited a blind spot in US defences by running on servers hosted in America itself. Most US cyber defences look at activity beyond the nation’s borders and assume the private sector in the USA takes care of itself.

Which it tried to, but the nature of this attack meant it was devilishly hard to detect. ®

Source: https://www.theregister.com/2021/02/15/solarwinds_microsoft_fireeye_analysis/?&web_view=true
