SolarWinds supply chain attack should prompt federal agencies and others to rethink how they approach security issues, experts say. Hackers implanted a backdoor in a software update for SolarWind’s Orion network monitoring platform. The update with the backdoor was eventually installed by about 18,000 of the company’s customers. A Russian-based hacking group waged what appears to have been a cyberespionage campaign, investigators say. A key takeaway from the NIST analysis, Jay Gazlay said, is that organizations need to rethink their identity and access management efforts.”]
Source: https://www.cuinfosecurity.com/lesson-from-solarwinds-attack-its-time-to-beef-up-iam-a-16115