

Microsoft Corp.’s Security Response Center today concluded its internal investigation into the SolarWinds Worldwide LLC breach, finding that although some source code was downloaded, there was no evidence hackers had abused internal systems or products to attack its users.
Reports that Microsoft had been a possible victim of the SolarWinds hack first emerged Dec. 17 with the suggestion that the hackers had breached the company and then used Microsoft’s products in follow-on attacks against others. The report was denied by Microsoft President Brad Smith at the time, but to the company’s credit it then launched a full internal investigation into anything to do with SolarWinds and the hackers involved.
Microsoft’s researchers found that there was no case where all repositories related to any single product or service were accessed and that no access was gained to the vast majority of source code. Where code repositories were accessed, only a few individual files were viewed.
For a small number of repositories, there was additional access including in some cases the downloading of component source code. The repositories contained code for a small subset of Azure, Intune and Exchange components.
The researchers noted that search terms used by the hackers indicate that they were attempting to find secrets but were not successful, as Microsoft’s development policy prohibits secrets in code and automated tools are used to verify compliance.
In terms of Microsoft tools being used to attack others, the researchers found no indication of that taking place. They further added that because of so-called defense-in-depth protections, the hackers were also not able to gain access to privileged credentials.
To avoid attacks in the future, the researchers recommended adopting a zero-trust “assume breach” philosophy as a critical part of defense and said that protecting credentials is essential.
“Microsoft closing their investigation today marks the first step in the process of the security community recovering from the Solorigate attack,” Kevin Dunne, president at integrated risk management solutions provider Greenlight Technologies Inc., told SiliconANGLE. “This attack highlighted the need to reconsider trust at all levels of the security supply chain — even in terms of trusting updates from long-tenured, legitimate suppliers.”
Oliver Tavakoli, chief technology officer at artificial intelligence cybersecurity company Vectra AI Inc., said the adoption of a zero-trust architecture was something that had already been accelerating during the pandemic and the new normal of working from home. “Microsoft points out that organizations should go one step further by adopting it as a ‘mindset’ – accept that all of the initial lines of defense can fail and that security controls need to be layered across all systems critical to an organization,” he added.
Dirk Schrader, global vice president at cybersecurity and compliance software firm New Net Technologies Ltd., disagreed, however, saying that a zero-trust plan seems like a good idea at first sight but is misleading here.
“The Solorigate incident isn’t about a user who should not be trusted, it is about the sourcing itself and for this scenario, the user and the IT administration will be overwhelmed at the end,” Schrader explained. “At some stage, trust needs to be established to be operational and with thousands of changes incurred to files and settings when rolling out a Microsoft patch day update, the IT administration would certainly not want to check each and every change.”