
Little-known SolarWinds Hacked, Scrutinized Stock Sales – NBC4 Washington

Until this week, few had heard of SolarWinds, a Texas-based software company that provides important computer network monitoring services to leading companies and government agencies around the world.

However, many of its prominent customers in government and among Fortune 500 companies have been put on alert by the revelation that elite cyber spies spent months secretly exploiting SolarWinds software to snoop on computer networks. It also raises the question of whether company insiders were aware of the security vulnerabilities when its largest investors sold their shares.

According to the company’s website, it was founded in 1999 by two brothers in Tulsa, Oklahoma, ahead of the feared year 2000 problem, and its first product “arrived at the scene to help IT professionals calm the fear of the end of the world.”

This time, the product instills fear. The company began warning about 33,000 customers on Sunday that a “foreign state,” widely suspected of being Russia, had inserted malicious code into an updated version of its premier product, Orion. The ubiquitous software tool, which helps organizations monitor computer network and server performance, had become a means for spies to steal information undetected.

“They aren’t as common a name as Microsoft,” said Rob Oliver, a Baird research analyst and long-time follower of the company, “because their software is in the back office.”

Many more people know about it now. FireEye, a well-known cybersecurity company that is one of SolarWinds’ customers, was the first to detect the cyber espionage and began notifying other victims. Among the other espionage targets revealed were the US Treasury and the Commerce Department.

However, the Trump administration has been silent about breaches at other agencies, and that did not sit well with some members of Congress.

“Great,” tweeted Senator Richard Blumenthal, a Democrat from Connecticut. He said the Senate Armed Services Committee held a classified briefing on Tuesday. “I was very anxious about Russia’s cyberattacks and was really scared. Americans deserve to know what’s going on.”

“Declassify what is known and what is unknown,” he demanded.

The Department of Homeland Security instructed all federal agencies on Sunday night to remove the compromised software, and thousands of companies were expected to do the same. The Pentagon said in a statement Wednesday that “there is no evidence of infringement” on its sensitive and non-classified networks from the “evolving cyber incident.”

The NSA, DHS, and FBI briefed the House Intelligence Committee on Wednesday on what is widely regarded as a serious intelligence failure, and Democratic Senator Dick Durbin told CNN, “This is effectively Russia’s war against the United States. It’s a decree and you should accept it seriously.”

Among the business sectors scrambling to protect their systems and assess potential information theft were the power industry, the defense industry, and telecommunications companies.

The breach has shaken SolarWinds, which is now based in the hills of Austin, Texas. The compromised product accounts for almost half of the company’s annual revenue, which totaled $753.9 million in the first nine months of the year. Its stock has plummeted 23% since the beginning of the week.

Moody’s Investors Service said Wednesday that it is considering downgrading the company because of “damaged reputation, significant customer losses, slowing performance, high remediation and potential legal costs.”

Kevin Thompson, longtime CEO of SolarWinds, announced a few months ago that he would resign at the end of the year as the company was considering spinning off one of its divisions. On December 7, the day before FireEye first announced the hacking of its system, and two days before the CEO change was announced, SolarWinds’ board of directors appointed Sudhakar Ramakrishna, the current CEO of PulseSecure, to replace him.

The company’s two largest investors, Silver Lake and Thoma Bravo, which control a majority stake in the publicly listed company, sold more than $280 million in shares to a Canadian public pension fund on December 7. The two private-equity companies said in a joint statement that they were “unaware of this potential cyberattack” when they sold their shares. The next day, FireEye revealed that it had been breached.

The hacking operation started in March, when SolarWinds customers who installed Orion software updates unknowingly welcomed hidden malicious code that could give intruders the same view of the corporate network as their internal IT crew. FireEye described the malware’s dizzying features: it initially lay dormant for up to two weeks, then hid behind the scenes by disguising what it did as Orion activity.

FireEye said Wednesday that it has identified a “kill switch” that prevents the malware used by the hackers from working. However, while that disables the original backdoor, it does not remove intruders from systems where they have already created other ways to remotely access the affected network.

SolarWinds executives declined interviews through a spokesperson, who cited an ongoing investigation into the hacking operation that involves the FBI and other agencies.

Thompson’s last few weeks in charge could be spent dealing with frightened customers, some of them rankled that SolarWinds and its most well-known clients may have been made a target.

Earlier this week, the company removed web pages listing dozens of its well-known customers, from the White House, Pentagon and Secret Service to the McDonald’s restaurant chain and the Smithsonian Museum. The Associated Press is one of its customers, but the news agency said it did not use the compromised Orion product.

SolarWinds estimated in financial statements that approximately 18,000 customers installed the compromised software. While that made them vulnerable to espionage, security experts say it is unlikely that the hackers broke into the majority of them. Spies tend to have narrow interests in such operations. Without naming them, FireEye said dozens of “value targets” in government and industry had been compromised. It said it has confirmed infections in government, consulting, healthcare, technology, telecommunications, and oil and gas organizations in North America, Europe, Asia and the Middle East, and is providing information to affected organizations around the world.

Alex Stamos, a cybersecurity expert at Stanford University, said there are not enough well-qualified threat hunters around the world to look for the malware the operation has hidden in all the potentially infected organizations.

“We will reap the ‘iron harvest’ of World War II malware for years to come,” he tweeted, referring to the World War II bombs that continue to be found in Europe three-quarters of a century later.


Associated Press writers Frank Bajak in Boston and Mary Clare Jalonick and Lolita Baldor in Washington, DC contributed to this report.


