new video loaded: Magnitude of SolarWinds Breach Still Unclear, Executives Say
Magnitude of SolarWinds Breach Still Unclear, Executives Say
At a Senate Intelligence Committee hearing on Tuesday, executives defended how they responded to the SolarWinds breach and warned Senators the hack could be bigger than they previously knew.
We need to improve the sharing of threat intelligence. Now, that is the term in the cybersecurity community for information about attacks that people see. And our fundamental challenge today is that this information too often exists in silos. It exists in silos in government, exists in different companies. It doesn’t go together. Who knows all of what happened here? An entity knows it. It was the attacker. Perhaps the most significant finding to date in our investigation is what the threat actor used to inject Sunburst into our Orion platform. Sunspot, which we have discovered, poses a serious risk of automated supply chain attacks via many software development companies, as the software processes used by SolarWinds are common in the industry. The attackers entered through the SolarWinds implant and the very first thing they did was go get your keys, your tokens. Basically, they stole your identity architecture, so they can access your networks the same way your employees can. And that’s why this attack was hard to find. These attackers from Day 1, they had a backdoor. Almost imagine a secret door in your house; and the first thing that happens when they walk through that secret door is all your keys are there. They just grab them. And now they can fit into any lock you have in your house.
Recent episodes of we