Another SolarWinds Orion Hack

2021-02-04 12:11

The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies.

While the alleged Russian hackers penetrated deep into SolarWinds network and hid a "Back door" in Orion software updates which were then sent to customers, the suspected Chinese group exploited a separate bug in Orion's code to help spread across networks they had already compromised, the sources said.

Two, SolarWinds' terrible security is the result of a conscious business decision to reduce costs in the name of short-term profits.

These private equity-owned software firms torture professionals with bad user experiences and shitty customer support in everything from yoga studio software to car dealer IT to the nightmarish 'core' software that runs small banks and credit unions, as close as one gets to automating Office Space.

In other words, the same sloppy and corrupt practices that allowed this massive cybersecurity hack made Bravo a billionaire.

SolarWinds increased its profits by increasing its cybersecurity risk, and then transferred that risk to its customers without their knowledge or consent.

News URL

https://www.schneier.com/blog/archives/2021/02/another-solarwinds-orion-hack.html

#hack #solarwinds

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Solarwinds		56	33	104	80	50	267