Breach, Third-party risk

Microsoft found 1,000-plus developers’ fingerprints on SolarWinds attack

February 15, 2021
An analysis of the recent SolarWinds hack concluded that more than one thousand developers were likely involved in the code that enabled the attack, Microsoft president Brad Smith said in the news program “60 Minutes,” describing it as “the largest and most sophisticated attack the world has ever seen,” according to The Register. Smith drew comparisons between the incident and the cyberattacks in Ukraine that were alleged to have been instigated by the Russian government. “What we are seeing is the first use of this supply chain disruption tactic against the United States,” Smith said. In the same segment, FireEye CEO Kevin Mandia spoke about their involvement in the breach and how the discovery of a suspicious two-factor authentication event led to the attack’s eventual discovery. The segment also discussed how cyber defense groups failed to detect this particular attack on the basis that most place their focus on outside borders, while SolarWind’s attackers used U.S.-hosted servers.
Jill Aitoro

SC Media Editor in Chief Jill Aitoro has 20 years of experience editing and reporting on technology, business and policy. She also serves as editorial director at SC Media’s parent company, CyberRisk Alliance. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.

Related

Breach
Alaska DHHS attack, breach spotlights ongoing health department security challenges

Jessica DavisSeptember 21, 2021

All individuals who've used services from the Alaska DHHS are being notified that their data was possibly stolen during a cyberattack four months ago. Officials have been transparent about the ongoing criminal investigation and network outages, but the incident spotlights continued challenges faced by government and health departments.

Breach
180K patients affected by USV Optical systems hack, health data theft

Jessica DavisSeptember 20, 2021

This week’s health care data breach roundup is led by a systems hack and data exfiltration incident at USV Optical. Other incidents include several email hacks, ransomware, and further data theft.

Regulation
Health app developers be warned: FTC ready to hand down fines for failure to report breaches

Jessica DavisSeptember 16, 2021

The FTC Health Breach Notification Rule was enacted 10 years ago to protect the privacy and security of consumer health data not covered by HIPAA, but it was never enforced. A policy decision enacted on Sept. 15 will change that.

prestitial ad