Hackers Lurked in SolarWinds Email System for at Least 9 Months, CEO Says (wsj.com)
The newly appointed chief executive of SolarWinds is still trying to unravel how his company became a primary vector for hackers in a massive attack revealed last year, but said evidence is emerging that they were lurking in the company's Office 365 email system for months. From a report: The hackers had accessed at least one of the company's Office 365 accounts by December 2019, and then leapfrogged to other Office 365 accounts used by the company, Sudhakar Ramakrishna said in an interview Tuesday. "Some email accounts were compromised. That led them to compromise other email accounts and as a result our broader [Office] 365 environment was compromised," he said. It is the latest development in the eight-week investigation into one of the worst breaches in U.S. history. SolarWinds, previously a little-known but critical maker of network-management software, is still trying to understand how the hackers first got into the company's network and when exactly that happened. One possibility is that the hackers may have compromised the company's Office 365 accounts even earlier and then used that as the initial point of entry into the company, although that is one of several theories being pursued, Mr. Ramakrishna said.
Our company too deep in Office 365 (Score:2)
Then management decided to go for Office365. We were told it is not to save money, it is not a financial decision. MS sales critters sold a cock-and-bull story of migration plans and all files would be ported over etc. What they did not tell them was all the cross-referenced links between documents would be gone. All the pull requests linked to user stories, defects, stories spawned from defects, notes at
Re: (Score:2)
I'm curious: when all that productivity was lost, information lost, chaos, etc., why didn't management switch back (away from MS)?
Re: (Score:3)
Management admit a mistake? One they don't have to do the work to fix?
Good one.
In other words, no clue what happened (Score:3, Insightful)
New critical vulnerabilities in Solarwinds today (Score:4, Insightful)
We have three new vulnerabilities in Solarwinds announced today. One of them is a critical, must-be-patched-today issue. It allows remote code execution as LocalSystem (one step above Administrator). It leverages a terribly insecure subsystem in Windows which Solarwinds should not have been using (and which should not exist).
https://threatpost.com/solarwi... [threatpost.com]
Why does Solarwinds keep having these problems?
Because while they are obviously a very desirable target, they haven't taken security seriously. Simple as that. They need to act like they are the Pentagon, protecting top secret material, because their product DOES have access to high level secrets.
Also, they need to stop fucking running their MONITORING as LocalSystem. If they want to have a separate optional component for pushing out software that runs at high privilege, fine. But you don't fucking need OS-level write privileges to READ monitoring data!
Re: (Score:2)
This. The principle of least privilege exists for good reason.
To be fair to Solarwinds, MS makes it a lot harder to do the right thing than it should be.
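A quick way to check the least-privilege point made above on your own hosts, as an added example that is not part of the thread: the script lists Windows services whose binary lives under a given directory and that run as LocalSystem. The directory is a placeholder to adjust for the product being audited; it assumes Windows PowerShell 5.1 or later.

```powershell
# Added audit example (not from the thread). Flags services under a vendor
# directory that log on as LocalSystem, so an agent that only needs to READ
# monitoring data but runs with full OS privileges stands out.
function Get-LocalSystemServices {
    param(
        # Placeholder vendor path; replace with the product's install directory.
        [string]$PathFilter = 'C:\Program Files\ExampleMonitoring\'
    )
    Get-CimInstance -ClassName Win32_Service |
        Where-Object {
            # Win32_Service.StartName is the literal string 'LocalSystem'
            # for services running as the local system account.
            $_.StartName -eq 'LocalSystem' -and
            $_.PathName -like "*$PathFilter*"
        } |
        Select-Object Name, DisplayName, State, StartName, PathName
}

$overPrivileged = Get-LocalSystemServices
if ($overPrivileged) {
    "Services running as LocalSystem (review whether each one needs it):"
    $overPrivileged | Format-Table -AutoSize
} else {
    "No matching services run as LocalSystem."
}
```

Which lower-privilege account (a virtual service account or a dedicated domain account) a given service can be moved to is dictated by the vendor's documentation, so treat the output as a review list rather than something to change blindly.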
Re: (Score:2)
Because many, many others are just as incompetent and clueless. The only reason these others have not caused such a complete disaster is that they are less attractive to attackers.
Re: (Score:2)
That's not the problem. The problem is that the other companies making the decision to use the software have no way to evaluate how good the security is, until after a hack is publicized. If companies that wanted to choose secure software over insecure software had the information and ability to evaluate the information in order to make that decision, then there'd be market pressure against insecure software. But as things stand, it's much easier to see things like price and features and ease of use that ar
"How his company became (Score:1)
When you outsource security to a 3rd party (Score:3)
Re: (Score:2)
I wonder how many full circle outsources there are in the wild. A division of A outsources to B who is actually reselling C who outsourced to another division of A to actually provide the service.
Other People's Computers (Score:2)
This is why one should not use "Other People's Computers" (aka the "Cloud") for anything that might go beyond mere entertainment. When you delegate things to Other People then you should be aware that you are giving up *ALL* control and security to that third-party.
As you sow, so shall you reap.
Re: (Score:2)
Agreed. But if I understand correctly, you could have SolarWinds sw on your own hosted servers and be in the same boat. (but at least you'd have more control over pulling the plugs, switching to backup systems (assuming you have them on hand))
Re: (Score:2)
This is why one should not use "Other People's Computers" (aka the "Cloud") for anything that might go beyond mere entertainment. When you delegate things to Other People then you should be aware that you are giving up *ALL* control and security to that third-party.
Google/Facebook probably do security better than most people, and yes I'm including the security of one's own account.
With LibreOffice it wouldn't have happened (Score:2)
That's for sure.
Re: (Score:1)
That's for sure.
LibreOffice has an email client???
Re: (Score:1)
LibreOffice has no mail client, so you cannot read your emails using LibreOffice. You could use it to send emails, but only as a mail-merge (sending personalised messages from a template to one or more recipients).
Microsoft 365 Doesn't Support Security Keys (Score:3)
At this point, industries in secure fields should require security keys (FIDO). That's it. Why do we keep seeing dumb crap like this happen again and again? The federal government should pass a regulation requiring all financial and health companies to support FIDO or OTP on their consumer-facing websites within three years. It's crap that we're letting this happen again and again.