Startup Observer.com
  • Home
  • Industries
  • Innovation
  • outsourcing
  • Business
  • Finance
  • Headlines
  • Opinion
  • News
Home Business Exclusive: Wide-ranging SolarWinds probe sparks fear in Corporate America
Business

Exclusive: Wide-ranging SolarWinds probe sparks fear in Corporate America

by maria September 10, 2021
September 10, 2021
gawdo

By Christopher Bing, Chris Prentice and Joseph Menn

(Reuters) – A U.S. Securities and Exchange Commission investigation into the SolarWinds Russian hacking operation has dozens of corporate executives fearful information unearthed in the expanding probe will expose them to liability, according to six people familiar with the inquiry.

The SEC is asking companies to turn over records into “any other” data breach or ransomware attack dating back to October 2019 if they downloaded a bugged network-management software update from SolarWinds Corp, which delivers products used across corporate America, according to details of the letters shared with Reuters.

People familiar with the inquiry say the requests may reveal numerous unreported cyber incidents unrelated to the Russian espionage campaign, giving the SEC a rare level of insight into previously unknown incidents that the companies likely never intended to disclose.

“I’ve never seen anything like this,” said a consultant who works with dozens of publicly traded companies that recently received the request. “What companies are concerned about is they don’t know how the SEC will use this information. And most companies have had unreported breaches since then.” The consultant spoke on condition of anonymity to discuss his experience.

An SEC official said the request’s intent was to find other breaches relevant to the SolarWinds incident.

The SEC told companies they would not be penalized if they shared data about the SolarWinds hack voluntarily, but did not offer that amnesty for other compromises.

Cyberattacks have grown in both frequency and impact, prompting deep concern in the White House over the last year. U.S. officials have faulted companies for failing to disclose such events, arguing that it conceals the extent of the problem from shareholders, policymakers and law enforcement looking for the worst offenders.

People familiar with the SEC investigation told Reuters the letters went to hundreds of companies, including many in the technology, finance and energy sectors, thought to be potentially affected by the SolarWinds attacks. That number exceeds the 100 that the Department of Homeland Security said had downloaded the bad SolarWinds software and then had it exploited.

Since last year, only about two dozen firms have been publicly identified as impacted, including Microsoft Corp, Cisco Systems, FireEye Inc and Intel Corp. Of those contacted for this story only Cisco confirmed receiving the SEC letter. A Cisco spokesperson said it has responded to the SEC’s request.

Cybersecurity research has also suggested https://www.netresec.com/?page=Blog&month=2021-01&post=Twenty-three-SUNBURST-Targets-Identified software maker Qualys Inc and oil energy company Chevron Corp were among those targeted in the Russian cyber operation. Both declined to comment on the SEC investigation.

About 18,000 clients of SolarWinds downloaded a hacked version of its software, which the cyber criminals manipulated for potential future access. Yet only a small subset of those customers saw follow-on hacking activity, suggesting the attackers infected far more companies than they ultimately victimized.

The SEC sent letters last month to companies believed to have been affected, following an initial https://www.reuters.com/technology/us-sec-official-says-agency-has-begun-probe-cyber-breach-by-solarwinds-2021-06-21 round sent in June, according to six sources who have seen the letters.

The second wave of requests were addressed to recipients at companies from the first round who had not responded. The exact number of recipients is unclear.

The current probe is “unprecedented” in terms of the lack of clarity over the SEC’s goal in such a large sweep, said Jina Choi, a partner at Morrison & Foerster LLP and former SEC director who has worked on cybersecurity cases.

Though the SEC issued guidance a decade ago calling for companies to disclose hacks that could be material, then updated that guidance in 2018, most admissions have been vague.

Gary Gensler, who took the helm at the SEC in April, has tasked the agency with issuing new disclosure requirements ranging from cybersecurity to climate risk.

While the hack was first reported by Reuters https://www.reuters.com/article/us-usa-cyber-treasury-exclusive-idUSKBN28N0PG more than nine months ago, the actual impact of the wide-scale digital spying operation, which U.S. officials say came from a Russian intelligence service, remains largely unknown.

Government officials have shied away from sharing a comprehensive account of what was stolen or what the Russians were after, but described it as traditional government espionage.

Scores of companies have referred to the hacks in SEC filings, but many cite the events only as an example of the sort of intrusion they might one day experience. Most that say they had SolarWinds software installed add that they do not believe their most sensitive data was taken.

John Reed Stark, former head of the SEC’s office of internet enforcement, said “companies will struggle to answer these questions – not just because these are broad, sweeping and all-encompassing requests, but also because the SEC is bound to discover some sort of mistake” in what they’ve previously disclosed.

(Reporting by Christopher Bing, Chris Prentice and Joseph Menn; Editing by Chris Sanders and Edward Tobin)

www.gawdo.com
Share on FacebookShare on TwitterShare on Linkedin
0 FacebookTwitterPinterestEmail
previous post
COVID-19 impact could hit Japanese automakers’ output in Oct
next post
Malaysia’s Top Glove says U.S. lifts import ban over forced labour

You may also like

How to streamline logistics costs 

August 11, 2022

Ciphr appoints David Burns as chief technology officer

August 2, 2022

Pipedrive welcomes its 1000th employee to accelerate the...

August 1, 2022
Editorial & Advertiser disclosureEditorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.
gawdo.com
https://www.gawdo.com
  • About us
  • Advertising & Terms of Use
  • Contact Us
  • Privacy Policy

@2021 - All Right Reserved.


Back To Top
Startup Observer.com
  • Home
  • Industries
  • Innovation
  • outsourcing
  • Business
  • Finance
  • Headlines
  • Opinion
  • News
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
Cookie SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT