The SolarWinds Orion IT management software hack is now acting like a tornado, sucking up everything and growing larger with every passing moment. SolarWinds, in its SEC filing, acknowledged that nearly 18,000 of its customers were affected by the hack and that all of them had been notified. However, it disclosed no customer names, and it took down its client list after the hack was disclosed. Five days after the official notification, Microsoft has now acknowledged that it was hacked too. That is probably one of the reasons why it partnered with FireEye to create a kill switch for stopping the Sunburst malware in the first place.
Microsoft Feels the Ripples of SolarWinds Hack
The U.S. National Security Agency (NSA), on Thursday, issued a “cybersecurity advisory” describing how threat actors were abusing authentication mechanisms to disrupt Microsoft Azure cloud services. It directed users to lock down their systems and follow the remedial measures prescribed by Microsoft.
However, this was just the tip of the iceberg. The actual impact became known only a day later, when Microsoft said, “Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed.” The spokesperson who issued this statement added that there were no traces of the hackers using the compromised systems to move laterally. Sources have suggested that hackers have used Microsoft’s cloud services extensively to scroll through new potential targets while the mainframe remains untouched.
The Affected Parties
The investigation of the hack is ongoing, and the list of victims seems to gain a new name with every passing moment. But Microsoft seems to have answers about which geographies and industries were most affected by the SolarWinds hack.
Microsoft President Brad Smith, in a blog post, stated that 80% of the targets were in the U.S.; however, threat actors also targeted seven other nations – Belgium, Canada, Israel, Mexico, Spain, and the United Arab Emirates. He further noted that since the investigation is still ongoing, this list could get bigger.
Microsoft President Brad Smith says Microsoft has identified SolarWinds victims in seven other countries so far — Belgium, Canada, Israel, Mexico, Spain and the United Arab Emirates. “It’s certain that the number and location of victims will keep growing.” https://t.co/o69jjP03K8
— Kim Zetter (@KimZetter) December 18, 2020
Microsoft has also shared the list of sectors affected by the SolarWinds hack, based on data gathered from Microsoft’s Defender Anti-Virus software. The list includes not only the IT and government sectors but also non-governmental organizations and think tanks, which is rather surprising.
At the end of the blog, Brad Smith said something that is the need of the hour:
This is a third and final sobering development worth noting from what has obviously been a challenging year. This comes from the intersection between cyberattacks and COVID-19 itself.
We live in a more dangerous world, and it requires a stronger and more coordinated response.
A more effective strategy as we enter a new year.
Put simply, we need a more effective national and global strategy to protect against cyberattacks. It will need multiple parts, but perhaps most important, it must start with the recognition that governments and the tech sector will need to act together.