Little-known SolarWinds faces scrutiny over hack, stock sales – tech2.org

Prior to this week, few knew of SolarWinds, a Texas software company that provides critical computer network monitoring services to corporations and government agencies around the world.

But the revelation that elite cyber spies have spent months secretly exploiting SolarWinds’ software to peer into computer networks has placed many of its highest-profile customers in national governments and Fortune 500 companies on high alert. And it is raising questions about how quickly company insiders knew about its security vulnerabilities, as its biggest investors sold stock.

Founded in Tulsa, Oklahoma, by two brothers in 1999, ahead of the feared turn-of-the-millennium Y2K computer bug, the company’s website says its first product “arrived at the scene to help IT professionals allay everyone’s world-ending fears.”

This time, its products are the ones causing fear. On Sunday, the company began alerting 33,000 of its customers that an “outside nation state” – widely suspected to be Russia – had found a back door into some updated versions of its flagship product, Orion. The ubiquitous software tool, which helps organizations monitor the performance of their computer networks and servers, had become a tool for spies to steal information without being noticed.

“They are not a household name the way Microsoft is. This is because their software sits in the back office,” said Rob Oliver, a research analyst at Baird, who has followed the company for years. “Workers could spend their entire careers without hearing about SolarWinds. But I guarantee that your IT department will be aware of it.”

Now a lot of other people know about it, too. One of SolarWinds’ clients, California cybersecurity firm FireEye, was the first to discover the cyberespionage operation. FireEye revealed earlier this month that its own systems had been breached by attackers who made off with its defensive hacking tools. Other espionage targets included the US Treasury and Department of Commerce.

The cyber security unit of the Department of Homeland Security this week directed all federal agencies to remove compromised software and thousands of companies were expected to do the same.

Among the business sectors working to assess the security of their systems and the potential theft of information were the power industry, defense contractors and telecommunications firms.

The breach has caused a crisis for SolarWinds, now located in a hilly area of Austin, Texas. The compromised product accounts for about half of the company’s annual revenue, which was $753.9 million in the first nine months of this year. Its stock has lost 23% since the beginning of the week.

Moody’s Investors Service said on Wednesday that it was looking to lower its rating for the company, citing “the potential for loss of customers, material loss of customers, sluggish business performance and higher corrective and legal costs.”

SolarWinds’ longtime CEO, Kevin Thompson, indicated months ago that he would leave at the end of the year as the company spun off one of its divisions. The SolarWinds board appointed his replacement, current PulseSecure CEO Sudhakar Ramakrishna, on December 7, according to a financial filing, around the time FireEye publicly disclosed the hack on its own system for the first time and two days before the CEO change was announced.

It was also on December 7 that the company’s two largest investors, Silver Lake and Thoma Bravo, which controlled a majority stake in the publicly traded company, sold more than $280 million in stock to a Canadian public pension fund. In a joint statement, the two private equity firms said they were “not aware of this potential cyber attack” when they sold the stock. It was six days later that SolarWinds revealed the breach.

The hacking operation began no later than early March, when SolarWinds customers who installed updates to their Orion software unwittingly welcomed hidden malicious code that could give intruders the same view of their corporate networks that in-house IT crews have. FireEye described the dizzying capabilities of the malware – from initially lying dormant for two weeks to hiding its reconnaissance in plain sight by disguising it as Orion activity.

FireEye said on Wednesday that it had identified a “killswitch” that prevents the malware used by the hackers from operating. But while it deactivates the original backdoor, it will not remove intruders from systems where they have created various ways of remotely accessing victimized networks.

SolarWinds officials declined an interview request through a spokesperson, who cited ongoing investigations into the hacking operation that involve the FBI and other agencies.

“This is an unimaginable, unfortunate situation,” Oliver said. “SolarWinds products have always been reliable. Its value proposition has been around reliability.”

Thompson is likely to spend his last few weeks at the helm responding to terrified customers, some of whom are also rankled about marketing tactics that might have made targets of SolarWinds and its highest-profile clients.

Earlier this week, the company took down a web page that listed dozens of well-known customers, ranging from the White House, Pentagon and Secret Service to the McDonald’s restaurant chain and the Smithsonian Museum.

The Associated Press is among SolarWinds’ thousands of reported customers, though the news agency said it did not use the compromised Orion products. SolarWinds estimated in a financial filing that about 18,000 customers had installed the compromised software, meaning many of them were vulnerable to espionage operations at some point this year.

FireEye, without naming any specific targets, said it has confirmed infections in North America, Europe, Asia and the Middle East, including in the health care and oil and gas industries – and has been informing affected customers around the world.

___

AP technology writer Frank Bajak in Boston contributed to this report.
