HomeRisk ManagementsSunburst: US Judge Dismisses Majority of SEC Charges Against SolarWinds

Sunburst: US Judge Dismisses Majority of SEC Charges Against SolarWinds

Published on

spot_img

In a recent development, a US judge has dismissed the majority of the accusations brought forth by the US Securities and Exchange Commission (SEC) against IT management software company SolarWinds and its Chief Information Security Officer (CISO), Timothy Brown, in connection to a significant cyberattack that occurred in 2020.

The decision, which was disclosed on July 18, was made by US District Judge Paul Engelmayer in Manhattan. Judge Engelmayer stated that the claims made by the SEC, which alleged that SolarWinds and Brown had concealed security vulnerabilities following the ‘Sunburst’ hack, leading to investor fraud, were primarily based on hindsight and speculative reasoning.

Furthermore, Judge Engelmayer also threw out most of the SEC’s allegations concerning statements made prior to the cyberattack. These statements accused the company of failing to disclose security weaknesses in its products before the breach occurred.

The only accusation that the judge deemed valid pertained to the security controls that were lacking within SolarWinds products.

The Sunburst cyberattack, also known as the SolarWinds attack, was a supply chain attack that was uncovered in December 2020. This attack had a widespread impact, affecting numerous organizations globally, including several key US federal government departments such as Commerce, Energy, Homeland Security, State, and Treasury.

The hackers behind the attack, believed to have ties to the Russian government, exploited software or credentials from companies like Microsoft, SolarWinds, and VMware. By infiltrating SolarWinds’ software and introducing malicious code known as ‘Sunburst’ into their Orion network management software, the attackers were able to gain remote access to systems running the infected software and potentially exfiltrate sensitive data.

The attack was particularly damaging as many organizations relied on SolarWinds’ Orion platform for essential network monitoring, unknowingly making themselves vulnerable once the compromised update was installed.

Following the cyberattack, the SEC filed a lawsuit in October 2023, accusing SolarWinds and Brown of misconduct both before, during, and after the incident. This legal action marked a rare instance where a company victimized by a cyber-attack was targeted by a US regulator, along with one of its executives.

In response to the judge’s decision, SolarWinds expressed satisfaction and anticipation for the upcoming phase of the legal process where they will have the opportunity to present their side of the story and demonstrate why the remaining claim is factually inaccurate.

On the other hand, Brown’s legal representatives refrained from commenting immediately on the matter, while the SEC chose not to provide any statements in response to the ruling.

As the case progresses, it will be interesting to see how the remaining SEC accusation against SolarWinds and Brown will be further evaluated and how this landmark lawsuit against a cyber-attack’s victim will unfold in the legal landscape.

Source link

Latest articles

Women’s Care and Pulmonary Sleep Breaches

In a concerning trend for healthcare security, two healthcare providers have publicly revealed data...

Citrix Secure Access Client Vulnerability Allows Low-Privileged Windows Users to Attain SYSTEM Privileges

Cloud Software Group has recently alerted users to significant vulnerabilities affecting both the Citrix...

Ransomware Disrupts Fairlife Dairy Production

Production Halted at Fairlife Dairy Facilities Following Ransomware Attack In a significant cybersecurity incident, Fairlife,...

OpenSSL DoS Vulnerability Allows Remote Attackers to Deplete Server Memory with a Simple 11-Byte Payload

Newly Disclosed OpenSSL Vulnerability Underscores Reliance on Foundational Libraries Recent findings have unveiled a vulnerability...

More like this

Women’s Care and Pulmonary Sleep Breaches

In a concerning trend for healthcare security, two healthcare providers have publicly revealed data...

Citrix Secure Access Client Vulnerability Allows Low-Privileged Windows Users to Attain SYSTEM Privileges

Cloud Software Group has recently alerted users to significant vulnerabilities affecting both the Citrix...

Ransomware Disrupts Fairlife Dairy Production

Production Halted at Fairlife Dairy Facilities Following Ransomware Attack In a significant cybersecurity incident, Fairlife,...