Word of the cyber-attack—suspected to have been perpetrated by Russian hackers—came on Dec. 8, when cyber-security firm FireEye disclosed it had been hacked by “a highly sophisticated state-sponsored attacker.” The hackers “operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past,” FireEye said.
“Software supply-chain risk is far from a new concept. Over the last decade we’ve seen many instances of what happens when the supply chain is tampered with and subsequently tainted. What makes this problem intractable is that every business, whether they acknowledge it or not, relies on a software supply chain for both homegrown and third-party applications.”
Kunal Anand, Chief Technology Officer, Imperva
The cyber-attack traces back to third-party network management software vendor SolarWinds, in which hackers implanted malicious code within a software update to SolarWinds Orion products, allowing hackers to gain a foothold in the network and gain elevated credentials, according to Microsoft’s analysis of the attack. Once implanted,…
