Important new information continues to come to light as the details of this breach are unraveled. Unfortunately, none of it is good news.
Probably the most troubling new information is the realization that not all of the victims were running SolarWinds products. Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency (CISA), said in an interview that 30% of victims were not running SolarWinds’ Orion platform but suffered a compromise anyway.
Those responsible for the attack “gained access to their targets in a variety of ways,” Wales said, as quoted by the Wall Street Journal. “This adversary has been creative. It is absolutely correct that this campaign should not be thought of as the SolarWinds campaign.”
That is a frightening realization and changes the potential scope of the problem entirely. Where we thought the potential list of victims was contained in a box, we now must come to terms with the fact that everyone is a potential victim of this attack.
In fact, SolarWinds has identified Microsoft’s Office 365 cloud solution as the likely entry point into its environment.
During Congressional hearings this week, leaders from Microsoft, SolarWinds, FireEye, and CrowdStrike testified that there is strong evidence that Russia is behind the attacks, and that the planning and execution of this attack required more than 1000 programmers.
FireEye CEO Kevin Mandia told the Senate, “There’s no doubt in my mind that this was planned, the question really is where’s the next one, and when are we going to find it?”
Medicine Bow Technologies provides security solutions that check for the existence of this breach in your environment. Call us today to talk about your cybersecurity.