[ad_1]
- Microsoft has revealed that SolarWinds hackers were able to breach its security and gain access to sensitive source code, although they could not make changes to it.
- The company said hackers did not have access to production services or customer data, and the company’s systems were not being used to attack other targets.
- Some security experts believe that even a glance at the data in the source code could provide information that could contribute to future attacks.
One of the worst things that happened last year was the massive SolarWinds hack in mid-December that impacted government agencies and Fortune 500 companies. Hackers are attempting attacks like this. this all the time, but the SolarWinds attack is more dangerous because it is believed to originate from Russia. The Kremlin could deny the operation, but experts have already pointed the finger at Russia since the investigation began. More than two weeks after the hacks, Microsoft revealed that the attackers were able to gain access to critical software, the source code for one or more undisclosed products.
Microsoft explained in a blog post that hackers were unable to modify the source code. But even a glance at a source code from a company like Microsoft could be enough for hackers to develop new attacks that compromise other Microsoft products.
The best deal of the day 
Top-selling respirators are on sale for just $ 2.12 each through this Amazon Coupon List of prices:$ 49.99 Price:$ 42.49 You save:$ 7.50 (15%) 
Available on Amazon, BGR may receive a commission Available on Amazon BGR may receive commission
If a nation state launched the SolarWinds attack, access to the source code is even more important. Microsoft did not explain in its blog post what type of source code was seen, so it is not clear what type of software could be affected. Let’s not forget that Microsoft makes a lot of software other than Windows. The company produces tons of software, which is why hackers would go after its secrets. The list includes the popular Office suite, as well as a variety of cloud apps and solutions. Many businesses and government agencies depend on Microsoft software, and source code information could offer attackers new ways to bypass security solutions and penetrate targets in future attacks.
Microsoft released its new findings on December 31, but Reuters reports that three people briefed on the matter said the software giant had known for days that its source code was breached in the attack.
“Source code is the architectural model of how software is built,” Cycode’s Andrew Fife told the news agency. Cycode is an Israel-based company that develops source code solutions. “If you have the master plan, it’s a lot easier to design attacks.” Cycode CTO Ronen Slavin wondered what kind of source code had been accessed. “For me, the bigger question is, ‘Was that recognition for the next big deal? “Slavin asked.
Here’s how Microsoft described unauthorized access to the source code:
We detected unusual activity with a small number of internal accounts and upon examination found that one account had been used to view source code in a number of source code repositories. The account was not authorized to change the code or engineering systems and our investigation confirmed that no changes were made. These accounts have been studied and corrected.
The company also explained that its investigation found “no evidence of access to production services or customer data. The investigation, which is ongoing, also found no indication that our systems were used to attack other people. The FBI is also investigating the SolarWinds attacks.
Microsoft did not name Russia in the post, but made it clear that it believed it was fighting “a very sophisticated nation-state player.”
The company also says it uses a “presumption of violation” philosophy in its security practices. It is an assumption that attackers will breach its security. The company also explained that it uses open source principles within the company to make the source code visible in Microsoft. “This means we don’t rely on source code secrecy for product security, and our threat models assume attackers have knowledge of the source code,” the company wrote. “So viewing the source code is not related to the increased risk.”
Microsoft’s blog post aims to reassure governments and customers, but the fact remains that hackers may be in possession of the kinds of secrets they shouldn’t have access to. Time will tell if access to Microsoft’s source code will allow the same team of attackers to create even more sophisticated hacks.
Chris Smith started writing about gadgets as a hobby, and before he even knew it, he was sharing his take on tech with readers around the world. Whenever he doesn’t write about gadgets, he miserably fails to walk away from them, although he desperately tries. But that’s not necessarily a bad thing.
[ad_2]
Source link