Editorial

Fallout of SolarWinds attacks could continue for years, says Krebs

SolarWinds has the former US government cyber security chief to help deal with the crisis

Posted 11 January 2021 by Christine Horton


It could take years before all of the compromised systems affected by the SolarWinds cybersecurity breach can be made completely secure again.

That’s according to former US government cybersecurity chief, Chris Krebs, who has been hired by the software vendor to help deal with the fallout.

The SolarWinds attack is seen as the biggest and most significant in recent history.

The Financial Times reports that Krebs and his business partner, Alex Stamos, Facebook’s former security chief, will co-ordinate the company’s crisis response.

The FT, quotes Krebs as saying: “This has been a multiyear effort by one of the very best, the most sophisticated intelligence operations in the world. It was just one small part of a much larger plan that’s highly sophisticated, so I would be expecting more companies that have been compromised; more techniques that we’re yet to find…There’s so much more to be written I think in this chapter of Russian cyber-intelligence operations.”

The list of victims of the suspected Russian cyber-espionage campaign keeps growing. SolarWinds said in December that 18,000 of its clients may have been exposed, who hijacked one of its software products.

It is believed to have breached up to 10 federal agencies in the US, including the federal judiciary. The Wall Street Journal reports that the department is working on new security procedures to protect “highly sensitive confidential documents filed with the courts,” according to a statement Wednesday by the Administrative Office of the U.S. Courts.

“An apparent compromise of the confidentiality of the [filing] system due to these discovered vulnerabilities currently is under investigation,” the statement said. “Due to the nature of the attacks, the review of this matter and its impact is ongoing.”

Krebs led the US cyber security agency until November, until he was fired by Donald Trump for challenging claims that the US presidential election had been compromised by fraud.