Senate Grills Tech Executives On SolarWinds Hack
OAN Newsroom
UPDATED 10:27 AM PT – Wednesday, February 24, 2021
The Senate recently pressed high-level tech officials on last year’s SolarWinds cyber attack. On Tuesday, executives for SolarWinds, Microsoft, FyreEye and CrowdStrike spoke with the Senate Select Committee on Intelligence.
The SolarWinds hack, which was discovered last year, has been found to have compromised thousands of federal and private organizations. Although it’s still unknown exactly who was behind the attack, it’s largely suspected the hackers were affiliated with the Russian government.
According to experts, the hackers were able to open a back-door into organization’s systems. This allowed them to steal important credentials in order to gain access to everything in their networks.
“Notably, the threat actor took advantage of systemic weaknesses in the (Microsoft) Windows authentication architecture, allowing it to move laterally within the network as well as between the network,” explained CrowdStrike Chief Executive George Kurtz. “And the cloud by creating false credentials, impersonating legitimate users and bypassing multi-factor authentication.”
“Imagine almost a secret door in your house and the first thing that happens when they come to that secret door is all your keys are right there,” described FireEye CEO Kevin Mandia. “They just grab them and now they can get into any locks you have in your house, the same way your people do.”
Microsoft President Brad Smith made it the most apparent of those who testified that he fully believes the attack was of Russian origin. The attack started in March of last year and reportedly continued for months before being detected.
During his testimony, Smith said he believes one of the biggest challenges in identifying the hack was that the compromised information was stored in multiple places across several companies and agencies.
“We need to enhance the sharing of threat intelligence. Now, that’s the term in the cybersecurity community for information about attacks that people are seeing,” he stated. “And our basic challenge today is that that information too often exists in silos; it exists in silos in the government, it exists in different companies, it doesn’t come together.”
Smith added, the full scale of the attack hasn’t even been uncovered yet as more information comes to light.
https://www.oann.com/senate-grills-tech-ex...
UPDATED 10:27 AM PT – Wednesday, February 24, 2021
The Senate recently pressed high-level tech officials on last year’s SolarWinds cyber attack. On Tuesday, executives for SolarWinds, Microsoft, FyreEye and CrowdStrike spoke with the Senate Select Committee on Intelligence.
The SolarWinds hack, which was discovered last year, has been found to have compromised thousands of federal and private organizations. Although it’s still unknown exactly who was behind the attack, it’s largely suspected the hackers were affiliated with the Russian government.
According to experts, the hackers were able to open a back-door into organization’s systems. This allowed them to steal important credentials in order to gain access to everything in their networks.
“Notably, the threat actor took advantage of systemic weaknesses in the (Microsoft) Windows authentication architecture, allowing it to move laterally within the network as well as between the network,” explained CrowdStrike Chief Executive George Kurtz. “And the cloud by creating false credentials, impersonating legitimate users and bypassing multi-factor authentication.”
“Imagine almost a secret door in your house and the first thing that happens when they come to that secret door is all your keys are right there,” described FireEye CEO Kevin Mandia. “They just grab them and now they can get into any locks you have in your house, the same way your people do.”
Microsoft President Brad Smith made it the most apparent of those who testified that he fully believes the attack was of Russian origin. The attack started in March of last year and reportedly continued for months before being detected.
During his testimony, Smith said he believes one of the biggest challenges in identifying the hack was that the compromised information was stored in multiple places across several companies and agencies.
“We need to enhance the sharing of threat intelligence. Now, that’s the term in the cybersecurity community for information about attacks that people are seeing,” he stated. “And our basic challenge today is that that information too often exists in silos; it exists in silos in the government, it exists in different companies, it doesn’t come together.”
Smith added, the full scale of the attack hasn’t even been uncovered yet as more information comes to light.
https://www.oann.com/senate-grills-tech-ex...
FEBRUARY 23, 2021
Senate Intelligence Hearing on SolarWinds Hacking
The Senate Select Intelligence Committee held a hearing on the SolarWinds cyber hack. They discussed how the cyber hack happened and why it took so long for the hackers to be detected. The panel of experts said that this was a long-term operation and they also talked about vulnerabilities with cyber supply chain security, the need for one central reporting agency for cyber concerns, a larger cybersecurity workforce, and the modernization of the cyber infrastructure. Testifying before the committee were heads of technology companies including SolarWinds and Microsoft.
https://www.c-span.org/video/?509234-1/sen...