A Second SolarWinds Hack Deepens Third-Party Software Fears

Posted on February 4, 2021 by l33tdawg
Credit: Wired

It's been more than two months since revelations that alleged Russia-backed hackers broke into the IT management firm SolarWinds and used that access to launch a massive software supply chain attack. It now appears that Russia wasn't alone; Reuters reports that suspected Chinese hackers independently exploited a different flaw in SolarWinds products last year at around the same time, apparently hitting the US Department of Agriculture's National Finance Center.

In December, SolarWinds patched the vulnerability that the alleged Chinese hackers exploited. But the revelation underscores the seemingly impossible task that organizations face in dealing with not only their own security issues but also potential exposure from the countless third-party companies they partner with for services that range from IT management to data storage to office chat. In today's interconnected landscape, you're only as strong as your weakest vendor.

“It’s not realistic to not depend on any third parties,” says Katie Nickels, director of intelligence at the security firm Red Canary. “It’s just not realistic the way any network is run. But what we saw for the first week or two, even after the initial SolarWinds revelations, was some organizations just trying to figure out whether they even use SolarWinds products. So I think the shift has to be to knowing those dependencies and understanding how they should and shouldn’t be interacting.”
