THE NEUTRAL ZONE
The cyberattack on government and private-sector networks through a SolarWinds Orion software breach may have gone deeper than previously thought.
Microsoft said in a blog post today that it discovered an account accessed its internal source code, which is used to build software products. The account wasn’t able to modify any of the code or systems and no customer data was accessed. There was also no evidence that Microsoft systems were used to attack others.
The attackers were likely looking for security vulnerabilities in Microsoft products that they could use to gain access to users of those products, according to Mike Chapple, a former National Security Agency official. Microsoft said the attack doesn’t elevate the risk of Microsoft products being hacked in the future.
This development increases concern that hackers may have targeted and compromised other technology companies. A Wall Street Journal analysis found that the SolarWinds breach impacted companies including Cisco Systems Inc., chip makers Intel Corp. and Nvidia Corp., and accounting firm Deloitte LLP.
Cybersecurity experts placed blame for the SolarWinds cyberattack on Russia, though Russia has continued to deny any responsibility. President Donald Trump said China may be at fault and China’s foreign ministry responded by telling the U.S. to be “responsible” with claims about cybersecurity issues. President-elect Joe Biden criticized Trump’s response to the cyberattack last week, calling it an “irrational downplaying of the seriousness of this attack.”
This section includes an aggregation of articles showing different viewpoints on the topic.
CISA updates SolarWinds guidance, tells US govt agencies to update right away – ZDNet – 12/31/2020
In an update posted late last night, CISA said that all US government agencies that still run SolarWinds Orion platforms must update to the latest 2020.2.1HF2 version by the end of the year. Agencies that can’t update by that deadline are to take all Orion systems offline, per CISA’s original guidance, first issued on December 18.
SolarWinds hack spotlights a thorny legal problem: Who to blame for espionage? – CyberScoop – 12/30/2020
Some law firms have already predictably begun fishing for plaintiffs, even as others that might have taken action by now, like state attorneys general, have remained quiet. SolarWinds itself could face lawsuits, but so could companies that use its products, and even companies several degrees removed from SolarWinds but who are tangentially involved, like Microsoft or FireEye.
The SolarWinds Hack Doesn’t Demand a Violent Response – Defense One – 12/31/2020
If the announced punishment is disproportionate it lacks credibility and will not be taken seriously by the attacker. It won’t be taken seriously because it brings a significant risk of escalation. If Biden hit Russia hard, it wouldn’t just bring the risk of the U.S. receiving a similar hit following the discovery of a major espionage hack on Russia; it also carries the risk of Russia retaliating against what it perceived to be unjust punishment, and voilà, the cycle of violence spins out of control.
Relax: At Least The SolarWinds Hack Tells America It Has A Problem Worth Solving – Forbes – 12/31/2020
Every time US companies suffer a cyberattack or breach, after a brief period of anxiety the sense invulnerability dissipates and everything returns to normal. The strength of the US economy has always been its huge investment in technology, and yet it is the same feature which now makes the US especially vulnerable. The idea that millions of people in the US might one day wake up to a malfunctioning power grid or major economic harm seems part of a far-fetched dystopia.
This section includes an aggregation of tweets showing different viewpoints on the topic.