Microsoft: SolarWinds attack took more than 1,000 engineers to create



iStock-1199334120You may have missed this extremely interesting bit of data that ZDNet just published. "Microsoft reckons that the huge attack on security vendors and more took the combined power of at least 1,000 engineers to create. 

"The months-long hacking campaign that affected US government agencies and cybersecurity vendors was "the largest and most sophisticated attack the world has ever seen," Microsoft president Brad Smith has said, and involved a vast number of developers.

"The attack, disclosed by security firm FireEye and Microsoft in December, may have impacted as many as 18,000 organizations as a result of the Sunburst (or Solorigate) malware planted inside SolarWinds's Orion network management software. "I think from a software engineering perspective, it's probably fair to say that this is the largest and most sophisticated attack the world has ever seen," Smith told CBSNews' 60 Minutes

"Kevin Mandia, CEO of FireEye, also discussed how the attackers set off an alarm but only after the attackers had successfully enrolled a second smartphone connected to a FireEye employee's account for its two-factor authentication system. Employees need that two-factor code to remotely sign into the company's VPN. "Just like everybody working from home, we have two-factor authentication," said Mandia.

"A code pops up on our phone. We have to type in that code. And then we can log in. A FireEye employee was logging in, but the difference was our security staff looked at the login and we noticed that individual had two phones registered to their name. So our security employee called that person up and we asked, "Hey, did you actually register a second device on our network?" And our employee said, "No. It wasn't, it wasn't me."

Here is the link to the full ZDNet article:

https://www.zdnet.com/article/microsoft-solarwinds-attack-took-more-than-1000-engineers-to-create/


12+ Ways to Hack Multi-Factor Authentication eBook

All multi-factor authentication (MFA) mechanisms can be compromised, and in some cases, it's as simple as sending a traditional phishing email. Want to know how to defend against MFA hacks? This eBook covers over a dozen different ways to hack various types of MFA and how to defend against those attacks. 

12 Ways MFA EBookYou will learn more about:

  • Two-factor authentication basics
  • How to hack two-factor authentication
  • How to best protect your organization from cybercriminals

Get the eBook

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/12-way-to-hack-two-factor-authentication



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews