SolarWinds Hack Leaves Entire Industry In Panic

The SolarWinds hack is still causing sheer panic in the US IT industry. There is hardly any other explanation for the extent to which the sector's leading figures are exaggerating what was undoubtedly a skilful attack.

In essence, the attack succeeded because the perpetrators found a security hole in a software product that almost all larger companies used at a critical point in their IT infrastructure. However, no one is criticizing the underlying monoculture in IT landscapes or the often frighteningly reckless handling of IT security.

Instead, Microsoft President Brad Smith, for example, is now advancing the thesis that the industry is up against a virtually gigantic adversary. “Thousands of very well trained and skilled engineers have worked on it,” he said, according to a report by US magazine MarketWatch. Such a sophisticated campaign on such a scale has never been seen, he said.

Call for rules

But Smith is not the only one taking this line. The head of the security company FireEye, Kevin Mandia, speaks of the SolarWinds hack as part of a “decades-long campaign” by the Russian government to infiltrate American companies and authorities. In his view, the timing of the hack also supports this. As early as the end of 2019 there were dry runs to determine how far malware could be spread. In March 2020, the actual malicious software came into play, which then went undetected until last December.

Ultimately, however, there is so far no concrete evidence showing who is actually behind the attack. The statements of the people quoted above are based only on some circumstantial evidence. Accordingly, it does not help when Mandia puts forward the thesis that certain norms have to be set online, similar to how ambulances are protected in an armed conflict, for example. For such rules to be enforceable, one would at least have to be able to demonstrate clearly who attacks originate from, which in many cases is almost impossible.