ransomware attack

Microsoft reveals more information about the SolarWinds hack


Microsoft President Brad Smith has weighed in on the SolarWinds cyberattack. The company was one of the victims of the attack that resulted from vulnerabilities tied to software distributed by SolarWinds. Citing sources familiar with the matter, Reuters reported that hackers broke into Microsoft’s systems and then attacked users through the company’s products. 

What is SolarWinds?

In addition to Microsoft, several government agencies in the U.S. were also breached in the attack tied to SolarWinds’ software. Many government agencies, including the Department of Defense, use Microsoft’s Office 365 software, according to CNBC. Microsoft is a customer of SolarWinds. 

SolarWinds makes a network management tool that’s widely used around the world called Orion. Hackers based by a nation-state reported to be Russia took over SolarWinds’ software build system and pushed out a security update that included a backdoor. 

According to Smith, more than 17,000 users downloaded the update that contained the vulnerability. Of those 18,000 entities, a tiny number then received a follow-on hack that utilized the backdoor to install more malicious software. That small number could be as tiny as 0.2% of those entities. Tech companies were the largest segment of entities that received the extra malicious update, followed by government agencies and think tanks or non-governmental organizations. 

The cyberattack went on for months and was only revealed after FireEye admitted that a nation-state had breached its systems. Upon investigating, the company discovered that the hackers had used a backdoor in Orion to access its systems. 

Microsoft weighs in on the cyberattack

Smith called the cyberattack “a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them.” The attack continues and remains under investigation in both the public and private sectors. 

Smith noted that governments have been spying on each other for hundreds of years, but this latest cyberattack place the entire technology supply chain at risk. He described the cyberattack as “an act of recklessness that created a serious technological vulnerability for the United States and the world.” Smith noted that it wasn’t just an attack on specific targets, but on the world’s critical infrastructure with the goal of advancing a single nation’s intelligence agency. 

He pointed out that the United States seems to be the main focus of the attack, as 80% of the entities that received the second malicious software update are located in the U.S. However, he added that other countries and especially democracies have also been targeted. 

Call for governments and tech companies to work together

Smith also called on a stronger strategy to protect against cyberattacks. He urged the world’s governments to team up with tech companies to fight back. Smith argued that the new year offers “an opportunity to turn a page on recent American unilateralism and focus on the collective action that is indispensable to cybersecurity protection.” 

He noted that it’s important for democratic countries to also work together by sharing information and best practices, especially in the analysis of threat intelligence. Smith also called on nations to strengthen the international rules about nation-state attack.