SolarWinds: Info Dribbles Continue
May 10, 2021
A “dribble” is, according to Merriam-Webster, “issue in piecemeal or desultory fashion.” From my point of view, “SolarWinds Says Russian Group Likely Took Data During Cyber-Attack” qualifies as an info dribble. Paywalled Bloomberg reports:
SolarWinds said it “found evidence that causes us to believe the threat actor exfiltrated certain information as part of its research and surveillance,” according to a regulatory filing on Friday. The hackers “accessed email accounts of certain personnel, some of which contained information related to current or former employees and customers,” the company said.
How much data were taken, what content was pilfered, and for how long? Sorry, no info to address these questions. The write up reports:
SolarWinds estimates the hackers breached fewer than 100 of its customers using its software, according to the filing. The White House has found that about 100 U.S. companies and nine government agencies were hacked by the Russian cyber-attackers through SolarWinds and other means in the course of their espionage operation.
Remarkable how few entities were affected.
How did the attack occur? Here’s the explanation in the write up:
… the company believes the hackers may have used an unknown vulnerability, a brute-force cyber attack, or through social engineering — such as a phishing operation — according to the filing. The hackers then conducted “research and surveillance” on the company, including its Microsoft Office 365 environment, for at least nine months prior to October 2019, when they moved to the “test run” phase of the attack, according to the filing.
Okay, what happened exactly? Right, the company does not know.
What about the cyber security systems in place to identify malicious activity? What about systems to identify threats? What about the vulnerabilities in the supply chain processes?
Many questions. Dribble info is interesting but not germane to the big question: How did a lengthy attack go unnoticed for months? Another question: What’s the fix?
Stephen E Arnold, May 10, 2021