The former head of the CISO (U.S. Cybersecurity Infrastructure and Security Agency) and former Facebook security expert Alex Stamos were hired by SolarWinds to get them back on track and make sense of what happened.
Big Guns for a Big Problem
SolarWinds suffered a significant supply chain attack affecting more than 18,000 customers, and since then, they have been struggling to put the pieces back together. Last week, top SolarWinds’ executives made the decision to hire two cybercrime heavy hitters, Christopher Krebs, former head of the U.S. Cybersecurity Infrastructure and Security Agency, and Alex Stamos, former Facebook security expert.
They have contracted with both men who are tasked with helping to figure out what happened, how, and where to go from here. The supply chain attack affected many government agencies, including the U.S. Federal Courts, the Department of Homeland Security (DHS), and the Treasury and Justice systems.
Krebs, of KrebsOnSecurity, was hired in 2018 as the first director of the CISA. He was then abruptly fired by President Donald Trump a few weeks ago.
Stamos, formerly the CISO of Facebook, also founded the Stanford Internet Observatory and has helped with other cybercrime incidents over the past couple of years. Zoom reached out to Stamos to help them revamp their security practices and plug gaping holes in their infrastructure.
SolarWinds’ new CEO, Sudhakar Ramakrishna, hired the two professionals to help restructure “security programs, policies, teams, and culture.” Ramakrishna had accepted the position before the attack was announced but started in his new role this past week. In a recent blog post, he promised;
“I commit to being transparent with our customers, our government partners, and the general public in both the near-term and long-term about our security enhancements to ensure we maintain what’s most important to us - your trust.”
The SolarWinds attack is being hailed as the worst ever with an initial nine-month-long data breach that affected 18,000 SolarWinds Orion users and then a second wave targeting Microsoft, FireEye, and numerous government agencies. These cybercrime fighters have their work cut out for them with this one.
New Beginnings and a Perfect Pairing
The two experts recently joined forces and created their own consulting company called the Krebs Stamos Group to help with crisis-management and response for these exact types of issues.
The company website states that, “Krebs Stamos Group helps organizations turn their greatest cybersecurity challenges into triumphs.”
Their mission statement continues with;
“We work with our clients to help them understand the threats they face, the weaknesses in their posture, and the role they play in the security of our wider society. We help our clients build the security teams, processes, programs, and culture needed to exceed the expectations of their customers and shareholders. We provide our clients clear-eyed, candid, and experienced advice on critical, long-lasting decisions in moments of extreme crisis.”
Krebs and Stamos agree that it may take months or even years for all the affected organizations to recover and rebound.
Initial investigations show that the Sunburst malware was injected during the software development phase of manufacturing for Orion products. SolarWinds is now looking into their operations to find out how this could have happened.
According to Data Breach Today, “company’s engineering operations in Eastern Europe to see if they may have been subverted by malicious insiders.”
The Bottom Line
If anyone can help solve this puzzle and get SolarWinds back on track, it’s these two well respected, effective cybercrime experts. If SolarWinds is to survive this massive blow, they will need all the help they can get.