SolarWinds Still blowing
Microsoft announced on June 25 that the hackers responsible for the SolarWinds supply chain breach had breached security at their company through an employee computer, using their breach as a basis for targeting customers. The hack used a relatively unsophisticated password spraying method that simply launches massive numbers of guesses at logins until a password is hit. Microsoft say the attack was only successful in three instances.
The attack has come as Microsoft continues to investigate Nobelium, the hacking group that employed SolarWinds software to attack 9 US government entities and 100 private businesses; the US government has stated that the group is operated by Russian spy agencies. Once the hackers had access to accounts, it was possible for them to view billing information and the types of services purchased, amongst other details. Microsoft has urged customers to change their passwords and take care when communicating with billing contacts.
The Nobelium attack was 57% focused on IT companies and 20% on government organizations, with a variety of NGOs, think tanks and financial providers making up the rest of the targets. The fact that the group was apparently able to access Microsoft, which should be one of the best defended companies in the world, with such ease demonstrates the increasing capacity of the group and represents a major worry for security experts.
New Google Reliability Notices
Google has moved to address criticism that it facilitates the spread of misinformation by stating that when people search for information about breaking news or rapidly developing issues, they will receive warnings stating that due to the rapidly changing nature of the story they are looking for, the sources may not be entirely reliable. Users will be advised that they will get better information if they check on the story later. The global pandemic has caused increased criticism of social media companies and search engines for failing to do enough to address online misinformation, hatred, and extremism.
On the other-hand Google and other Big Tech companies have faced criticism for engaging in censorship of differing viewpoints.
Google is attempting to address such criticism with the new reliability alerts, as well as contextualizing search results; users in the US can now see a new “About this result” label that contextualizes the source.
Google is planning to partner with Wikipedia to offer more background on websites that appear in searches, including when it was indexed and whether it has a secure connection.
No doubt further partnering among Big Tech outfits will create more controversy and concern about censorship, online freedom and respecting a wide diversity of opinions.