it is really funny when they call it one of the most sophisticated hacks in history and stuff like that, because it is actually one the most stupid hacks of all the times.
nothing is really surprising about Solarigate or whatever they call it to me except how those companies that forever they have been lecturing us on how to monitor and secure network, were not able to identify the breach for more than a year, almost 14 months?
so really the only surprising thing is that how they are able to still sell products, how companies still buying those services, and how security community is able to easily fool itself again and again and always and believe what has been done is right.
I mean look at the result, how they are able to protect you if they are not able to protest themselves?
SolarWinds is results of ignoring basics of security, the very simple rules which have been around for at least 6 decades. nothing is new, the way the hack is executed is not new, using insecure gates of supply chain has been known by hackers community for decades.
but rather than paying attention to basics, we ignore them and we go after fancy ideas, and complex tools. the way we are trying to secure cyberspace is like fertilizing a plant with super strong chemicals while the only it needs is watering and moving to shade to protect from harsh 102 degree direct sunlight.