• What if Someone “Supply Chain”-Hacks Microsoft?

    #2320595

    The latest press on the SolarWinds hack discovered by FireEye explains that the hackers got into SolarWinds and were able to plant malicious code into software updates released by SolarWinds to its clients, which apparently include large swaths of the US Government and many of its agencies. This is called a “supply chain” hack.

    What if they have been able to do the same at Microsoft, which releases updates to everybody in the world almost continuously? Yes, Windows 10 is already loaded with back doors, but we might not like this particular extra one.

    Is there anything we as users can do to protect against such a threat?

    We know malware can get into our computers from email attachments, advertisements and bad websites, all of which antivirus software is designed to (hopefully) protect us against.

    We also know MS code can be deficient in many ways, but does AV software check MS patch or update downloads?
    — AWRon

    • #2320600

      According to one in the string of [tweets] copied by Susan on her last blog, now at the top of AskWoody’s Head Page:

      “WASHINGTON (Reuters) – Microsoft was hacked as part of the suspected Russian campaign that has hit multiple U.S. government agencies by taking advantage of the widespread use of software from SolarWinds Corp, according to people familiar with the matter.”

      There is more in the Associated Press article linked to in my comment there. No one at MS, as far as I know and as I write this, has come out yet and said “We’ve been hacked” or words to that effect.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      1 user thanked author for this post.
    • #2320605

      Is there anything we as users can do to protect against such a threat?

      No. An undiscovered vulnerability can’t be found because it’s undiscovered.
      No doubt there will be lots of checking going on and you will get patches as usual.

      As a home user you will be of very little interest to these hackers.

      cheers, Paul

      1 user thanked author for this post.
      • #2320608

        Hi Paul:

        I respectfully disagree regarding a possible hacker’s interest in a billion home user Windows 10 computers.

        What if said hacker can insert undetected dormant malicious code into a Windows 10 version update that is — or even has been — rolled out to all users over time; and that code can be activated at some future moment to, for example, generate a massive DDoS attack on one or more hacker-selectable targets?

        Or perpetrate some other more malicious exploit?

        Many of us have never liked the evolving cloud model of our desktop computers essentially going back to being more powerful versions of what used to be green screen terminals off a mainframe.  This hack shows the potentially great vulnerability of this model, despite how obviously profitable it is for software developers.

        — AWRon

        4 users thanked author for this post.
    • #2320647

      I think AWRon raises very interesting points there. I think I understand what he's trying to explain, and it would be most unwise to think that it's not possible to hack Microsoft, or “inject some sleeping malicious code” into updates.
      Since the cadence is so quick, it could be done one day. It's just a matter of time until someone tries. It's all the more probable since they use “non-admin” installations, like Teams or Windows updates themselves are.
      One day you will download malicious code from some download mirror.
      Why do I believe that? Because of probability. Attacks can fail a million times, but the one that succeeds is important. It's the same as with my emails, for example. I can read email for two years and be careful, but one day I will come home drunk and click an unwanted email because I lost focus.
      Same with antiviruses and checksums, for example. Who says that an antivirus cannot crash or contain some “unseen bug”?
      It's just beyond our (human) abilities to build a system that is 100% secure. It's just not possible.

      Maybe that's why Microsoft is releasing updates with such cadence. Because it can mean that they are training their own AI. Who has seen the movie AlphaGo? They say that a lot of small changes can be used to train AI and predict user behaviour. That's how they build their own learning machine for the game of Go.

      I'm not saying that I want Windows to be hacked or Microsoft's data stolen; all I'm saying is that it is possible, maybe highly probable. Plus there is the fact that this is a sweet spot for all hackers and a tempting target. But users are OK, they don't need to be worried, since they can't influence that. W10 is considered safe, and I can agree, and Defender is a good piece of SW that is reliable in my experience.
      But you don't want to try a hack and fail, then get caught by MSFT or the US government. They are very close relatives now.

      Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

      HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      PRUSA i3 MK3S+

    • #2320682

      Interesting news today indeed, there is a lot going on. More on BleepingComputer.

      https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-us-nuclear-weapons-agency/

      Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

      HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      PRUSA i3 MK3S+
