This week in SolarWinds.
Microsoft has made it clear its systems were not used for the SolarWinds breach. They have clarified that they believe it was credential theft that allowed access.
Security Consultant Alex Stamos, who is working with SolarWinds, has attributed the attack to the Russian foreign intelligence service, known as SVR.
Senators Mark Warner of Virginia and Marco Rubio of Florida, the chair and ranking Republican of the Senate Intelligence Committee have called the US government response “disjointed and disorganized”, and are asking for a lead to the effort.
The White House responded the next day naming Anne Neuberger to the new post of deputy national security adviser for cyber and emerging technology.
The US Coast Guard has ordered facilities and vessels using SolarWinds software to report security breaches in case of suspicions of being breached.
SolarWinds MSP has indicated that VP of Security, Tim Brown, will stay with the parent company, and they are looking for a CISO for the new company, to be named N-Able.
Why do we care?
I have an interview coming out talking about threat modeling, and I will tease something said. This industry is too secretive and not collaborative when it comes to security.
Based on the size and scale, we are getting so many individual lessons as this story continues on, and thus why I continue to follow it.