Total Tests:

The List of Known SolarWinds Breach Victims Grows, as Do Attack Vectors

By Maria Korolov for Data Center Knowledge
Wednesday, December 23, 2020

Helpful to data center security managers in the aftermath of the SolarWinds breach is the amount of attention the attack has received from security researchers.

"We know how it was compromised and what to look for," Ilia Kolochenko, CEO at ImmuniWeb, a cybersecurity firm, said. "But I'm confident that SolarWinds is not the most negligent company around the globe. It's reasonable to hypothesize that they're not the only victim."

The difference is that nobody knows what other IT vendors have been hacked, and what those indicators of compromise are.

ImmuniWeb recently researched about 400 major cybersecurity companies and found that 97 percent had data leaks or other security incidents exposed on the dark web – as well as 91 companies with exploitable website security vulnerabilities. As of September, when its report was published, 26 percent of those were still unfixed.

Researchers also found more than 100,000 high-risk incidents, such as login credentials, available on the dark web. "SolarWinds is probably just the tip of the iceberg of compromise of technology companies around the globe," Kolochenko told DCK.

"You cannot trust anyone, even your security vendor," Holger Mueller, an analyst at Constellation Research, said. The only solution is code review. "But who can and wants to review source code of security vendors?"

What might emerge in response is a new kind of vendor – one that provides tools that check security software for malware, he said. Read Full Article


Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential