Microsoft president asks Congress to force private-sector orgs to publicly admit when they've been hacked
The private sector should be legally obliged to disclose any major hacks of their systems, says Microsoft's president and top lawyer Brad Smith.
While only Smith was willing to say categorically that it was Russia, FireEye's CEO Kevin Mandia noted that following an intensive investigation by his team, which included looking for clues in reams of decompiled code, they had concluded that the hack was "not consistent with China, North Korea or Iran, and was most consistent with Russia."
Mandia said the hack had been "exceptionally hard to detect," and Smith said the whole attack was in a "different category" to any other previous hacking effort.
Smith also said Microsoft had warned 60 of its customers that they were likely compromised by the SolarWinds hackers, who, according to Smith, "may have used up to a dozen different means of getting into victim networks during the past year." It's understood Microsoft's antivirus telemetry picked up signs of intrusion in at least some of those cases.
Smith couldn't resist pushing his company's interest, however: he argued that the size and scope of the hack meant that it was more important than ever that everyone move their computing to the cloud.
As for insights from the other major tech company that was embroiled in the hack, Amazon Web Services, a representative for the company refused to attend the hearing, something that didn't sit well and was repeatedly raised by Senators, including the committee's chair and vice-chair.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/24/microsoft_solarwinds_congress/