SolarWinds Hack Attack May Have Begun With a Weak Password
%2Favatars%2Fbs4H99bMLD3P.jpg&w=96&q=75)
%2Fimg%2Fiea%2F9lwjoLlkOE%2Fsolarwinds-hack-weak-password.jpg&w=3840&q=75)
It's still hard to tell what components led to the SolarWinds massive cybersecurity breach, but some reports claim that it could have all begun with an old school password blunder.
What we do know is that 100 companies and nine federal agencies were targeted by hackers during this security breach, but it remains to be seen what exactly enabled them to get such compromising access.
At a recent U.S. House of Representatives Oversight and Homeland Security Committees hearing, SolarWinds' current President and CEO, Sudhakar Ramakrishna, former CEO Kevin Thompson, CEO of the security company, FireEye, Kevin Mandia, and President of Microsoft Brad Smith all gave testimonies on the issue.
Smith said without a shadow of a doubt that "From a software engineering perspective, it's probably fair to say that this is the largest and most sophisticated attack the world has ever seen."
Password blunder may have caused the massive attack
Even though this may have been such a grand cyber security attack, Thompson says it may have all started when an intern set a crucial password to "solarwinds123," and then shared it online on an "internal account."
Thompson explained that "As soon as it was identified and brought to the attention of my security team, they took that down."
Adding to this, current SolarWinds CEO Ramakrishna testified saying "I believe that was a password that an intern used on one of his…servers back in 2017 which was reported to our security team and it was immediately removed."
It's hard to know just how quickly the weak password was removed, but it may have been the reason why the server was easily accessible.
It's not certain, though, that this password issue was the sole, or even part of, the reason why hackers were able to access American systems, and we may never fully find out. However, uncovering such lax security practices demonstrates just how much has to be done in the sector if such attacks are to be blocked in the future.
"The bottom line: We may never know the full range and extent of damage, and we may never know the full range and extent as to how the stolen information is benefitting an adversary," FireEye CEO Mandia said at the hearing. And he may well be right.
SHOW COMMENT (1)
/2023/09/27/image/jpeg/4G3PRWatxk8bhsGpNmXl7KX3QebUD2tNPDjUwl8I.jpg "Tesla and co attempt to impress with a humanoid bot video")
/2023/07/28/image/jpeg/dFsuWVob5MupWCOVN9MonuzEXMUIG0JHv96G7w8C.jpg "Could a gene switch off anxiety?")
/2023/07/25/image/jpeg/EsZwPyG4S6umbUUUilWWXjZQi4TTIgbjNVzKH4IN.jpg "Rechargeable batteries made from waste")
/2023/09/12/image/jpeg/E1LfUWjqRrg0bFqBnRzB7XzmfJAd6YPNclMl5I9n.jpg "How AI can revolutionize health on long-duration spaceflights")
/2023/08/25/image/png/5hf1N5LFzyDY4pUpvoJ0BtpujwCPfsL68t1cAIVj.png "Why is anti-piracy software Denuvo stirring controversy?")
/2023/09/20/image/jpeg/GbCK0hde2nR9kSs3cEVNjZTZ0DVOtgyTUVCQA5bs.jpg "Life by 2100: Space settlements, education, and the future of warfare")
/2023/09/27/image/jpeg/hU07XtyG7GvSo5QfCALfndeNFpZceMzzMBKd89Tc.jpg "Mihai Gruieti: ‘AI doesn’t take jobs, it transforms them’")
/2023/09/27/image/jpeg/oOwQ2G6YcZaRWCbmOZAVQrmrJFo7Z8sNE0BWsYFO.jpg "NASA's Chandra gives new insights into 1840s Great Eruption")
/2023/09/22/image/jpeg/N09BSEVNiNkMLnA50kD8o3yiMP8ye1mAEFwtWa4G.jpg "Is carbon capture the missing piece in the net zero puzzle?")
/2023/09/27/image/jpeg/6fcj2SNVuMghAyhAMBn24Zj6pMzkNlckLqB1KEV6.jpg "Giant Magellan Telescope's last mirror production underway")