Senior executives at Texas-based software firm SolarWinds, Microsoft, and cybersecurity firms FireEyw and CrowdStrike Holdings have defended their conduct in violations blamed on Russian hackers and sought to shift responsibility elsewhere in testimony before a panel of the US Senate Tuesday.
One of the worst hacks ever discovered impacted all four. The SolarWinds and Microsoft programs have been used to attack other people, and the hack has hit around 100 US companies and nine federal agencies.
Lawmakers began the hearing by criticizing Amazon officials, who they said were invited to testify and whose servers were used to launch the cyber attack, for refusing to attend the hearing.
“I think they have an obligation to cooperate with this investigation, and I hope they will do so voluntarily,” said Senator Susan Collins, a Republican. “If not, I think we should consider the next steps.”
Leaders called for greater transparency and information sharing on violations, with accountability protections and a system that does not punish those who do come forward, such as investigations of air disasters.
Microsoft Chairman Brad Smith and others told the US Senate Special Committee on Intelligence that the true scope of the latest intrusions is still unknown, as most victims are not legally required to disclose attacks to unless they concern sensitive information about individuals.
FireEye CEO Kevin Mandia, whose company was the first to discover hackers, Sudhakar Ramakrishna, CEO of SolarWinds, whose company software was hijacked by spies for introduce into a host of other organizations, and CrowdStrike CEO George Kurtz also testified. whose company is helping SolarWinds recover from the breach.
“It is imperative for the nation to encourage and sometimes even demand better information sharing on cyber attacks,” Smith said.
Smith said that many techniques used by hackers have not been disclosed and that “the attacker may have used as many as a dozen different means to gain access to victim networks over the past year” .
Microsoft revealed last week that hackers were able to read the company’s closely watched source code to find out how its programs authenticate users. In many victims, hackers have manipulated these programs to gain access to new areas within their targets.
Smith pointed out that such a move was not due to programming errors on Microsoft’s part but to misconfigurations and other checks on the part of the customer, including cases “where the keys to the vault and of the car were left in the open “.
In the case of CrowdStrike, the hackers used a third-party software vendor Microsoft, which had access to CrowdStrike systems, and attempted, but unsuccessfully, to access company emails.
CrowdStrike’s Kurtz blamed Microsoft for its complex architecture, which he called “outdated.”
“The threat actor took advantage of the systemic weaknesses of the Windows authentication architecture, allowing it to move sideways in the network” and reach the cloud environment while bypassing multi-factor authentication, the statement said. prepared by Kurtz.
While Smith appealed for the government’s help in providing remedial guidance to cloud users, Kurtz said Microsoft should look to its own home and fix the issues with its widely used Active Directory and Azure.
“If Microsoft remedied the limitations of the authentication architecture around Active Directory and Azure Active Directory, or moved to an entirely different methodology, a significant threat vector would be completely eliminated from one of the platforms. ‘most used authentication in the world,’ Kurtz said.
Alex Stamos, former Facebook security chief and now Yahoo consultant for SolarWinds, has agreed with Microsoft that customers who share their resources between their own premises and Microsoft’s cloud are particularly at risk, as experienced hackers can do something wrong. back and forth, and should switch entirely to the cloud.
But he added in an interview: “It is also too difficult to run Azure ID (cloud software) securely, and the complexity of the product creates many opportunities for attackers to increase privileges or hide access. . “
© Thomson Reuters 2021
Is the Samsung Galaxy S21 + the Perfect Flagship for Most Indians? We discussed it on Orbital, our weekly tech podcast, which you can subscribe to through Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.
Note: The content and images used in this article is rewritten and sourced from gadgets.ndtv.com