Date: 2021-02-27



Microsoft President Brad Smith criticized top rivals Amazon Web Services and Google on Friday for not publicly sharing what they know about the SolarWinds attack.

Smith told members of Congress that the Redmond, Washington-based software giant has published 32 blogs about what Microsoft has observed from the SolarWinds attackers during the campaign, while Google has published only one blog and, he said, Amazon hasn’t published anything. AWS confirmed Thursday that SolarWinds hackers used Elastic Compute Cloud (EC2) in their attacks.

“As far as I know, some companies haven’t warned customers or others that they are victims of SolarWinds-based attacks,” Smith said Friday. “These are companies that launched attacks using their own infrastructure. And for some reason, it is part of their responsibility to let these victims know that they are victims. I don’t think, and we need to change that.”

Senator Richard Burr, R-N.C., said a SolarWinds hacker used AWS cloud hosting to run a program that communicated with and controlled the malicious code installed on victims’ systems. Several U.S. senators criticized AWS on Tuesday for refusing to testify at a hearing about the SolarWinds intrusion, with multiple Republicans hinting at the possibility of subpoenaing Amazon’s representatives.

“I actually think it should start with transparency,” Smith said. “I’m here today. I’m answering all your questions … I think we’ll all benefit if tech companies create a culture of sharing more information.”

AWS holds network traffic data showing who the SolarWinds hackers interacted with on the internet, financial information on how they paid for the service, records of other activities the hackers carried out and, in some cases, other tools or information about the data stored on the servers themselves, Joe Slowik, senior security researcher at DomainTools, told The Wall Street Journal on Thursday.

Google wasn’t mentioned by senators or lawmakers at the hearings on Tuesday or Friday, but Politico reported Tuesday that Google had on Monday provided Senate members with a list of more than 12 questions aimed at scrutinizing the security of Microsoft products such as Windows 10, Azure and Office 365. Neither AWS nor Google responded immediately to CRN’s request for comment.

Smith said Friday that, unlike AWS and Google, Microsoft notifies customers as soon as the company discovers that an attacker has broken into their network, even if the breach has nothing to do with Microsoft’s services. According to Smith, Microsoft has done this more than 13,000 times in the last two and a half years in response to nation-state attacks.

“You have other companies that are some of the biggest companies in our industry, well known for being involved in this, but haven’t talked publicly about what they felt,” Smith said. “There is no sign that they even informed their customers.”

Microsoft has notified 60 customers that they have been compromised by the SolarWinds hackers, and Smith said that about half of these are telecommunications and technology companies. According to Smith, most of the affected telecommunications and technology customers haven’t announced that they were attacked as part of the SolarWinds campaign.

“To some extent, I’m worried that some other companies, and even some of our competitors, didn’t look that difficult,” Smith said. “I can’t find it without seeing it, and fortunately I’m ignorant and go to bed every night, thinking that there is no problem even though it’s actually okay.”

Smith said lawmakers should move forward with a voluntary approach and appeal to the loyalty of American companies to share information. But, according to Smith, it’s becoming clear that this is not enough or isn’t working. As a result, Smith said, companies in critical infrastructure businesses, or companies that are the “first responders” to security incidents, must have a legal obligation to report what they know.

“Silence does not intend to strengthen the country,” Smith said. “Therefore, I think we need to encourage. I think certain companies require this kind of reporting … Microsoft reports this kind of information, shares data, and I have published a blog.”

SolarWinds CEO Sudhakar Ramakrishna on Friday asked House members to make it easier for more vendors and customers to talk about the impact of the intrusion. Devoting more resources to security alone is not enough unless the government and the private sector share the information they have for the collective benefit of all Americans.

“The challenge here is one of the potential proceedings, and as I explain, one of the victims’ own emergence,” said Ramakrishna. “And they need to be eliminated, or in order for many of us to come out and speak openly, we need to eliminate their stigma.”

Ric Opal, principal and national GTM and strategic partnership leader at Microsoft Gold Partner BDO Digital, praised Microsoft for being “transparent” about what happened in the SolarWinds attack and “aggressive” throughout its cybersecurity approach.

“They are harnessing the power of data to protect us all, and I think they’re very close,” said Opal, pointing to Microsoft’s recent final report on the SolarWinds attack.

“They aren’t just transparent, I think Brad Smith testifies, but everything is actually written in writing. You can download the report,” Opal said. “What I see [from Microsoft] is good intentions and willingness to solve problems. And they’re not going to do it alone … everyone has to work together here. And the only way to work together is to set aside business goals and address the problem.”

Contributed by Kyle Alspach, Senior Editor of CRN.

