Yesterday was a pivotal moment in private and public sector cybersecurity cooperation. The Senate Intelligence Committee held its first public congressional hearing on the SolarWinds hack. FireEye CEO Kevin Mandia, along with Sudhakar Ramakrishna, the president and CEO of SolarWinds; Brad Smith, the president of Microsoft; and George Kurtz, the president and CEO of CrowdStrike, spoke with government leaders about lessons learned and how to move forward from the SolarWinds attack. The full hearing can be viewed here: https://www.c-span.org/video/?509234-1/senate-intelligence-hearing-solarwinds-hacking
Sean Deuby, Director of Services at Semperis, weighed in and gave his perspective on the first hearing:
“[Yesterday's] Senate Intelligence Committee hearing on the SolarWinds attack highlighted an extremely important aspect of cybersecurity – and it wasn’t related to SolarWinds or supply chains.
It’s too easy for companies to dismiss the relevance of this attack with ‘I don’t use SolarWinds’ or ‘There’s nothing I could have done about it, so why try?’ But the facts this testimony revealed are that basic security measures to protect on-premises identity systems such as Active Directory may have prevented many companies from being compromised in the first place.
Senator Mark Warner pointed out that 30% of the victims did not have Orion software installed and that they were attacked via other methods. In response, Microsoft President Brad Smith stated that his company had identified 60 customers where the attackers got in via on-premises systems, obtained administrative credentials, and then used them to obtain access to their online services such as Office 365.[1] Kevin Mandia, CEO of Mandiant, said that ‘the number one other way we’re seeing these attackers break in is called password spray[2]’ (which tries common or re-used passwords against tens or hundreds of accounts). These are not highly sophisticated, nation-state-only tactics; they’re tried and true methods used broadly by all bad actors to break into Active Directory in organizations around the world.
You don’t need to have Mandiant-like sophistication to protect your organization. Applying well-known security practices such as MFA, preventing common passwords, and applying active monitoring and automatic remediation against unauthorized changes in your on-premises identity systems will vastly increase your protection against cyber threats. As George Kurtz, CrowdStrike CEO, stated in the hearing, ‘Every second counts to stop the threat actors from achieving their objectives[3].’”