The recent cyberattack on US administration offices has shocked the entire world. As reported earlier, the perpetrators behind the attack are stated to be Russian-linked hackers. Recent reports suggest that Microsoft Corp. was also exposed by the same malware that targeted US states and government agencies. Fortunately, the investigations revealed that the malicious software wasn't used to attack others and didn't impact customer data or outward-facing systems.
Company spokesperson Frank Shaw clarified that Microsoft found code related to that cyberattack, which was isolated and removed. He said, "We have not found evidence of access to production services or customer data." For now, the Redmond-based tech giant has only found "a few instances" of the SolarWinds malware in its computers, and there were no signs of further encroachment.
Microsoft President and Chief Legal Officer Brad Smith said, “We are still investigating, to be clear, but we found no indications the attackers were able to go from that point to create vulnerabilities in our products or services.”
Here are the facts that you need to know about the attack:
- The addition of a few benign-looking lines of code to a single DLL file posed a severe threat to organizations using the affected product, a widely used IT administration software deployed across verticals, including government and the security industry.
- The discreet malicious code inserted into the DLL called a backdoor of almost 4,000 lines that allowed the threat actor behind the attack to operate unfettered in compromised networks.
- The fact that the compromised file is digitally signed suggests the attackers could access the company’s software development or distribution pipeline.
- Evidence suggests that as early as October 2019, these attackers tested their ability to insert code by adding empty classes. Therefore, insertion of malicious code into SolarWinds.Orion.Core.BusinessLayer.dll likely occurred at an early stage, before the software build's final steps, which would include digitally signing the compiled code. As a result, the DLL containing the malicious code is also digitally signed, enhancing its ability to run privileged actions—and keep a low profile.
- The challenge in detecting these kinds of attacks means organizations should focus on solutions that can look at different facets of network operations to see ongoing attacks already inside the network, in addition to strong preventative protection.
Microsoft is the world's largest software maker and the second-biggest cloud-infrastructure provider in the world. Any successful cyberattack on the company damages its standing as a trusted cloud software provider and security service provider. The cyberattack was one of the biggest the US has ever seen, but Microsoft has managed to keep the damage to a minimum to safeguard its clients.