Channel Futures

Security


Microsoft Joins List of Victims of Massive SolarWinds Hack

  • Written by Edward Gately
  • December 18, 2020
Microsoft president Brad Smith said the attack provides a moment of reckoning.

The list of targets in the massive SolarWinds hack now includes Microsoft. Expect more vendors to join the dubious registry.

Microsoft issued the following statement:

“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data.”

The attackers didn’t use Microsoft’s systems to attack others, it said.

FireEye, which has investigated numerous high-profile data breaches, also fell victim to the SolarWinds hack.

The hackers inserted malicious code into SolarWinds’ Orion software updates sent to nearly 18,000 customers. The malicious code was present in updates released between March and June of this year.

This led to security breaches at numerous U.S. government agencies. Those include the Treasury Department, the National Telecommunications and Information Administration (NTIA) and the Department of Homeland Security (DHS). The attacker also breached SolarWinds’ corporate clients.

The Cozy Bear hacking group, which U.S. authorities suggest gets backing from Russian state intelligence, likely performed the SolarWinds hack.

Moment of Reckoning

Brad Smith is Microsoft’s president. He said the attack “illuminates the ways the cybersecurity landscape continues to evolve and becomes even more dangerous.”

“As much as anything, this attack provides a moment of reckoning,” he said. “It requires that we look with clear eyes at the growing threats we face, and commit to more effective and collaborative leadership by the government and the tech sector in the United States to spearhead a strong and coordinated global cybersecurity response.”

The U.S. Department of Energy is the latest agency confirming it has been breached. However, the breach hasn’t impacted the department’s national security functions, including the National Nuclear Security Administration (NNSA).

The agency took immediate action to mitigate the risk, said Saylyn Hynes, agency spokesperson. All vulnerable software was disconnected from the DOE network.

Kaspersky Findings

On Friday, Kaspersky released its findings on the Sunburst backdoor, the malware planted in SolarWinds Orion.

Costin Raiu is head of Kaspersky’s global research and analysis team.

“In this case, it would appear the main goal was espionage,” he said. “The attackers showed a deep understanding and knowledge of Office 365, Azure, Exchange, Powershell — and leveraged it in many creative ways to constantly monitor and extract emails from their true victims’ systems.”

One of the things that sets this attack apart is the peculiar victim profiling and validation scheme, Raiu said. The attackers flagged only a handful of the 18,000 Orion IT customers as interesting.

“Finding which of the 18,000 networks were further exploited, receiving more malware, installing persistence mechanisms and exfiltrating data is likely going to cast some light into the attacker’s motives and priorities,” he said.

High-Value Targets

High-value targets include a government organization and a telecommunications company in the United States, according to Kaspersky. It didn’t disclose the identities of the organizations. Furthermore, it notified the two organizations, offering its support to discover further malicious activities, if needed.

“For those that use Orion IT, we recommend scanning your system with an updated security suite capable of detecting the compromised packages from SolarWinds,” Raiu said. “Check your network traffic for all the publicly known indicators of compromise (IOCs).”

Kaspersky has spent the past few days checking its own telemetry for signs of this attack, writing …
