Thursday, February 25, 2021

Microsoft: SolarWinds attack took more than 1,000 engineers to create | ZDNet

The months-long hacking campaign that affected US government agencies and cybersecurity vendors was “the largest and most sophisticated attack the world has ever seen,” Microsoft president Brad Smith has said, and involved a vast number of developers.

The attack, disclosed by security firm FireEye and Microsoft in December, may have impacted as many as 18,000 organizations as a result of the Sunburst (or Solorigate) malware planted inside SolarWinds’s Orion network management software.   

“I think from a software engineering perspective, it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen,” Smith told CBS News’ 60 Minutes.

Microsoft, which was itself breached via the malicious Orion update, assigned 500 engineers to investigate the attack, Smith said, but the (most likely Russia-backed) team behind it had more than double that engineering capacity.

“When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000,” said Smith. 


US agencies confirmed to have been affected by the attacks include the Treasury Department, the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security (DHS), the Department of State, and the Department of Energy (DOE).


Smith has previously raised the alarm over the attack because government-backed attackers targeting the technology supply chain pose a risk to the broader economy.

“While governments have spied on each other for centuries, the recent attackers used a technique that has put at risk the technology supply chain for the broader economy,” Smith said after disclosing the attacks. 

He said this was an attack “on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency.”

Smith told 60 Minutes that the attackers rewrote just 4,032 lines of code within Orion, a product that consists of millions of lines of code.

Kevin Mandia, CEO of FireEye, also described how the attackers set off an alarm, but only after they had successfully enrolled a second smartphone against a FireEye employee’s account in the company’s two-factor authentication system. Employees need that two-factor code to sign in remotely to the company’s VPN.


“Just like everybody working from home, we have two-factor authentication,” said Mandia. 

“A code pops up on our phone. We have to type in that code. And then we can log in. A FireEye employee was logging in, but the difference was our security staff looked at the login and we noticed that individual had two phones registered to their name. So our security employee called that person up and we asked, ‘Hey, did you actually register a second device on our network?’ And our employee said, ‘No. It wasn’t, it wasn’t me.’”


Charles Carmakal, senior vice president and chief technology officer at FireEye’s Mandiant incident response team, previously told Yahoo News that FireEye’s security system alerted the employee and the company’s security team to the unknown device that supposedly belonged to the employee. 

The attackers had gained access to the employee’s username and password via the SolarWinds update. Those credentials allowed the attackers to enroll their own device in FireEye’s two-factor authentication system; what exposed them was that the account then had two registered devices rather than one.
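The detection described above, expressed as a rule over MFA audit logs. This is an added example and not FireEye’s system or code: the log format, field names, user names, device identifiers and IP addresses are all constructed for the illustration. It alerts whenever an enrollment leaves an account with more than one registered authenticator and records how quickly the new device was first used to log in, since a device enrolled and used within minutes from an unfamiliar address is the pattern worth a phone call.

```python
"""Flag MFA device enrollments that leave an account with more than one
registered device (added example; log format and all values are constructed)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample audit log. Format (assumed for this example):
#   <ISO-8601 timestamp> <user> <event> <device_id> <source_ip>
SAMPLE_LOG = """\
2020-06-01T12:00:00Z alice mfa_enroll dev-a1 10.0.4.17
2020-06-01T12:00:00Z bob   mfa_enroll dev-b1 10.0.4.22
2020-11-30T08:02:40Z alice mfa_login  dev-a1 10.0.4.17
2020-12-01T03:14:09Z bob   mfa_enroll dev-b7 203.0.113.45
2020-12-01T03:15:02Z bob   mfa_login  dev-b7 203.0.113.45
2020-12-01T09:20:33Z bob   mfa_login  dev-b1 10.0.4.22
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    kind: str      # "mfa_enroll" or "mfa_login"
    device: str
    src_ip: str


@dataclass
class Alert:
    user: str
    new_device: str
    existing_devices: Tuple[str, ...]   # devices already on the account
    src_ip: str
    ts: datetime
    used_within: Optional[timedelta] = None  # time to first login with new device


def parse_events(text: str) -> List[Event]:
    """Parse the constructed log format into Events, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, user, kind, device, ip = line.split()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append(Event(when, user, kind, device, ip))
    return sorted(events, key=lambda e: e.ts)


def detect_extra_device_enrollments(events: List[Event]) -> List[Alert]:
    """Alert on every enrollment that adds a device to an account that already
    has one, then annotate each alert with how soon the new device was used."""
    devices = defaultdict(set)   # user -> set of registered device ids
    alerts: List[Alert] = []
    for e in events:
        if e.kind == "mfa_enroll":
            if devices[e.user]:
                alerts.append(Alert(e.user, e.device,
                                    tuple(sorted(devices[e.user])),
                                    e.src_ip, e.ts))
            devices[e.user].add(e.device)
        elif e.kind == "mfa_login":
            for a in alerts:
                if (a.user == e.user and a.new_device == e.device
                        and a.used_within is None):
                    a.used_within = e.ts - a.ts
    return alerts


def describe(alert: Alert) -> str:
    """One-line summary for the analyst who has to make the confirmation call."""
    used = ("never used" if alert.used_within is None
            else f"first used after {int(alert.used_within.total_seconds())}s")
    return (f"{alert.user}: new MFA device {alert.new_device} enrolled from "
            f"{alert.src_ip} at {alert.ts.isoformat()}; existing devices "
            f"{list(alert.existing_devices)}; {used}")


if __name__ == "__main__":
    for alert in detect_extra_device_enrollments(parse_events(SAMPLE_LOG)):
        print(describe(alert))
```

Run as-is, the only alert is for `bob`, whose second device was enrolled from an address outside the constructed internal range and used 53 seconds later. A rule this simple fires on every legitimate phone replacement too, so it belongs in front of the out-of-band check Mandia describes (call the user, ask whether they enrolled the device) rather than in front of an automatic block.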


The Orion updates weren’t the only way that companies were infiltrated during the campaign, which also involved the attackers gaining access to cloud applications. As many as 30% of the organisations breached had no direct link to SolarWinds, according to a report in The Wall Street Journal.

This article was auto-generated. Source: www.zdnet.com
