Top executives at Texas-based software company SolarWinds, Microsoft, and cybersecurity firms FireEyw and CrowdStrike Holdings have defended their behavior in violations accused by Russian hackers and tried to shift responsibility elsewhere in a U.S. Senate committee witness testimony.
Lawmakers began the hearing with criticism Amazon representatives who they said were invited to testify and whose servers were used to launch the cyberattack, for refusing to attend the hearing.
“I think they have a duty to cooperate with this investigation, and I hope they will do so voluntarily,” said Sen. Susan Collins, a Republican. “If they don’t, I think we need to look at the next steps.”
Executives advocated for greater transparency and the exchange of information on violations, with liability protection and a system that does not punish those who appear, similar to airline disaster investigations.
President of Microsoft Brad Smith and others told the U.S. Senate Selected Intelligence Committee that the true scope of the latest intrusions is still unknown, as most victims are not legally required to disclose attacks unless they include confidential personal information.
They were also witnesses FireEye CEO Kevin Mandy, whose company was the first to discover the hackers, SolarWinds CEO Sudhakar Ramakrishna, whose software was hijacked by spies to invade many other organizations, and CrowdStrike CEO George Kurz, whose company is helping SolarWinds recover from the breakthrough.
“It’s imperative for the nation to encourage and sometimes even demand a better exchange of information about cyberattacks,” Smith said.
Smith said many of the techniques used by hackers had not come to light and that “the attacker may have used up to a dozen different means to enter victims’ networks in the past year.”
Microsoft revealed last week that hackers were able to read the company’s tightly guarded source code on how its programs authenticate users. For many of the victims, hackers manipulated these programs to gain access to new areas within their targets.
Smith stressed that such a move is not due to software errors by Microsoft, but to poor configuration and other controls by the customer, including cases “when the keys to the safe and car are left out.”
In the case of CrowdStrike, the hackers used a third-party Microsoft software provider that had access to CrowdStrike systems and tried but failed to access the company’s email.
CurtdStrike’s Kurtz blamed Microsoft for the complex architecture, which he called “obsolete.”
“The actor in the threat is taking advantage of systemic weaknesses in Windows authentication architecture, allowing it to move sideways in the network “and reach the cloud environment, while bypassing multi-factor authentication,” said Kurz in a statement.
When Smith appealed for state aid in providing corrective instructions to users in the cloud, Kurz said Microsoft should turn to its own house and fix problems with its widely used Active Directory and Azure.
“If Microsoft tackles the limitations of the authentication architecture around Active Directory and Azure Active Directory or moves entirely to a different methodology, a significant threat vector will be completely eliminated from one of the most widely used authentication platforms in the world,” Kurz said.
Alex Stamos, ex Facebook and Yahoo The security chief, who now consults with SolarWinds, has agreed with Microsoft that customers who share their resources between their own premises and Microsoft’s cloud are at particular risk, as experienced hackers can move back and forth. must be moved entirely to the cloud.
But he added in an interview, “It’s also too hard to work with (cloud software) Azure ID secure and the complexity of the product creates many opportunities for attackers to escalate privileges or hide access. “
© Thomson Reuters 2021
Is the Samsung Galaxy S21 + the ideal flagship for most Indians? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts,, Google Podcasts, or RSS,, download the episodeor just press the play button below.