UPDATED 10:27 AM PT – Wednesday, February 24, 2021
The Senate recently pressed high-level tech officials on last year’s SolarWinds cyber attack. On Tuesday, executives for SolarWinds, Microsoft, FireEye and CrowdStrike spoke with the Senate Select Committee on Intelligence.
The SolarWinds hack, which was discovered last year, has been found to have compromised thousands of federal and private organizations. Although it’s still unknown exactly who was behind the attack, it’s largely suspected the hackers were affiliated with the Russian government.
According to experts, the hackers were able to open a backdoor into organizations’ systems. This allowed them to steal important credentials in order to gain access to everything in their networks.
“Notably, the threat actor took advantage of systemic weaknesses in the (Microsoft) Windows authentication architecture, allowing it to move laterally within the network as well as between the network,” explained CrowdStrike Chief Executive George Kurtz, “and the cloud by creating false credentials, impersonating legitimate users and bypassing multi-factor authentication.”
“Imagine almost a secret door in your house and the first thing that happens when they come to that secret door is all your keys are right there,” described FireEye CEO Kevin Mandia. “They just grab them and now they can get into any locks you have in your house, the same way your people do.”
Of those who testified, Microsoft President Brad Smith made it the most apparent that he fully believes the attack was of Russian origin. The attack started in March of last year and reportedly continued for months before being detected.
During his testimony, Smith said he believes one of the biggest challenges in identifying the hack was that the compromised information was stored in multiple places across several companies and agencies.
“We need to enhance the sharing of threat intelligence. Now, that’s the term in the cybersecurity community for information about attacks that people are seeing,” he stated. “And our basic challenge today is that that information too often exists in silos; it exists in silos in the government, it exists in different companies, it doesn’t come together.”
Smith added that the full scale of the attack hasn’t even been uncovered yet, as more information comes to light.
I appreciated the opportunity to address technology & its impact on national security before Congress. It’s clear our nation needs stronger cyber defenses, agile procurement, more digital skills, & tighter partnership between the gov’t and tech sector. https://t.co/2VSrxCmZVm
— Brad Smith (@BradSmi) February 24, 2021