Microsoft At Fault? Company Ignored Warnings Of A Full-Blown Russian SolarWinds Malware Attack For Personal Gains

Dr. Hura Anwar3 weeks ago

0 23 2 minutes read

microsoft-at-fault?-company-ignored-warnings-of-a-full-blown-russian-solarwinds-malware-attack-for-personal-gains — Microsoft At Fault? Company Ignored Warnings Of A Full-Blown Russian SolarWinds Malware Attack For Personal Gains

Software giant Microsoft is currently in the hot seat after being accused of ignoring top whistleblowers’ warnings of a serious Russian-based SolarWinds malware attack. This was said to be years before the incident arose.

The company seemed to be more focused on attaining its own personal gains in the form of a government deal worth multibillion dollars with the Pentagon. The goal or agenda at the time was more linked to competing with firms such as Okta.

These fine details were unveiled as the findings of a new investigation carried out by ProPublica.

The tech giant’s former employee who goes by the name of Andrew Harris revealed how he used to work at the American Defense Department for a while and even at the Microsoft firm until 2020. According to him, the serious security flaw was mentioned and boldly highlighted to the executives working at the firm for a couple of years.

All the dangers and vulnerabilities present to the company’s workforce were also delineated, according to him and he kept on arguing how attackers would need to attain access to the main server to carry out their malicious attempts.

At first, Harris assumed the logic of being detailed entailed a serious flaw and therefore he continued to push ahead. He spoke to a host of other people at the firm and in the end, they came around acknowledging how a major issue did indeed exist.

Harris stood by his great claims about how a major issue was prevalent and that something serious needed to be done.

While the software giant was not in a hurry to amend the issue, he was notified about the firm’s clients regarding the flaw and worked alongside a couple of others in this regard. This solution certainly did not sit well with the organization as there was a lot at stake and any sort of friction would make matters worse and ruin the chances of it competing with archrival Okta.

These decisions don’t appear to be linked to what is in the company’s best interest but to what is in the best interest of the firm, Harris explained. The workforce did unite and felt they would indeed get rewarded for creating slick features instead of killing bugs.

For a while, security firms have really gone against Microsoft’s method of killing bugs. They continue to argue more on this front and how so many flaws were included in this system.

So many exploits keep getting unraveled and the company explained to Harris at the end how it would be curating solutions that would work in the long term. In the end, there was no real solution provided on this front despite such a serious exploit being unraveled by the company’s own employees.

While Microsoft did vow to generate its version of a bigger and better solution that would function in the long term, it didn’t roll out the right fix to ensure it remained guarded at all times from such a serious attack.

In 2019, the CEO of SolarWinds confirmed how attackers were present in systems and how the maneuver carried out was so sophisticated.

Months after Harris’ resignation from the company, hackers tried to exploit this shortcoming and started spying on the government through the company’s accounts. At the start, Microsoft admitted that the privacy of these source codes was not a major fault to worry about.

But with time, the investigation from ProPublica proved otherwise with hackers getting a hold of data belonging to leading US government offices.

Image: DIW-Aigen