SolarWinds hack: what just happened?

Solorigate, Sunburst, UNC2452 or whatever they call it: how are even FireEye, SolarWinds, CrowdStrike and the many others involved able to sell and survive after this disaster, and how is the security community able to trust them again?

It is interesting how these top security companies, with lots of managed services and a bunch of products in their portfolios, lectured everybody and then for 9+ months did not figure out that they had been hacked?!

I don’t care if SolarWinds shareholders knew and so cashed out their stock a few days prior to the news breaking, as some media are talking about, but about the hack and its technicalities I have an opinion: it is not sophisticated, and it is simply a matter of understanding the essentials of supply chain security and exposures and executing standard security practices.

Of course they say the hack was sophisticated, because top security firms don’t want to admit they were naive in Detection & Response. Let’s be result oriented.

Kaveh Mofidi

I find simple solutions for complex problems. While I enjoy working with information security and computers, our challenges extend far beyond securing data. The real task is to discover solutions for unlimited clean energy, drinkable water, and addressing the root causes of hunger, war, and injustice. Our primary goal should be to keep our planet livable; that is the true challenge we face on Earth!