Only an elite few SolarWinds hack victims received follow-on attacks

Close up of digital data and binary code in network.

Enlarge / Close up of digital data and binary code in network. (credit: Getty Images)

Of the 18,000 organizations that downloaded a backdoored version of software from SolarWinds, the tiniest of slivers—possibly as small as 0.2 percent—received a follow-on hack that used the backdoor to install a second-stage payload. The largest populations receiving stage two were, in order, tech companies, government agencies, and think tanks/NGOs. The vast majority—80 percent—of these 40 chosen ones were located in the US.

These figures were provided in an update from Microsoft President Brad Smith. Smith also shared some insightful and sobering commentary on the significance of this almost unprecedented attack. His numbers are incomplete, since Microsoft sees only what its Windows Defender app detects. Still, Microsoft sees a lot, so any difference with actual numbers is likely a rounding error.

Crème de la crème

SolarWinds is the maker of a nearly ubiquitous network management tool called Orion. A surprisingly large percentage of the world’s enterprise networks run it. Hackers backed by a nation state—two US senators who received private briefings say it was Russia—managed to take over SolarWinds’ software build system and push a security update infused with a backdoor. SolarWinds said about 18,000 users downloaded the malicious update.

Read 7 remaining paragraphs | Comments



https://ift.tt/3r2jGFj

Comments