Supply Chain Attack Likely Continues, He Tells ’60 Minutes’ Prajeet Nair (@prajeetspeaks) • February 15, 2021
Microsoft President Brad Smith (Photo: Microsoft)
More than 1,000 developers likely worked on rewriting code for the massive SolarWinds supply chain attack that affected many companies and U.S. government agencies, Microsoft President Brad Smith said in a Sunday interview, pointing out the attack is most likely continuing.
In an interview with CBS News’ “60 Minutes,” Smith said the supply chain attack was “the largest and most sophisticated attack the world has ever seen.”
The U.S. federal agencies investigating the attack, which targeted Microsoft and other technology and cybersecurity companies, say it was likely a cyberespionage campaign waged by Russian hackers (see: SolarWinds Attack: Pointing a Finger at Russia). Some investigators have said that Russia’s SVR foreign intelligence service may have been behind the hacking campaign.
In the interview, Smith noted that Russia had previously developed these types of cyber tactics to target Ukraine in 2017.
The supply chain attack “exposes the secrets potentially of the United States and other governments as well as private companies. I don’t think anyone knows for certain how all of this information will be used. But we do know this: It is in the wrong hands,” Smith said.
The Biden administration recently appointed Anne Neuberger, the deputy national security adviser for cyber and emerging technology, to coordinate the investigation into the supply chain attack following criticism from two senators that the probe, which involves four agencies, has lacked coordination and transparency (see: White House Taps Neuberger to Lead SolarWinds Probe).
Started With a Backdoor
The hackers planted a backdoor known as “Sunburst” within SolarWinds’ Orion network monitoring software, which then spread when about 18,000 of the company’s customers downloaded updates.
Intelligence experts have suggested that about 300 organizations may have been hit with follow-on, more advanced attacks, which could have led to data exfiltration and eavesdropping, including email inbox access. Those attacks were fueled by the installation of second-stage malware called Teardrop.
Smith noted that while it was not as disruptive to daily life as the Russian NotPetya attack that targeted Ukraine in 2017, the SolarWinds supply chain attack illustrates how hackers can persist.
As a result of the NotPetya attack in Ukraine, Smith says, “Ukranian television stations couldn’t produce their shows because they relied on computers. Automated teller machines stopped working. Grocery stores couldn’t take a credit card. Now, what we saw with this [SolarWinds] attack was something that was more targeted. But it just shows how if you engage in this kind of tactic, you can unleash an enormous amount of damage and havoc.”
Saying that the SolarWinds supply chain attack likely continues, Smith said the only way to know, for certain, that malware is completely removed from the infrastructure is for affected organizations to rip and replace nearly all affected computers and network gear, Smith says (see: CISA Warns SolarWinds Incident Response May Be Substantial).
FireEye’s Discovery
The security firm FireEye was the first company to notice the supply chain attack after its penetration testing tools were stolen.
The investigation later revealed that several U.S. federal agencies, including the Justice, Treasury, Homeland Security, Commerce and Energy departments, as well as parts of the Pentagon, were also affected by the hacking campaign. These agencies all apparently used SolarWinds’ Orion as part of their IT infrastructure.
Smith noted in the TV interview that the hackers appear to have rewritten about 4,000 lines of code that were part of the Orion software update, which shows the level of sophistication needed to pull off such as an attack.
Smith also pointed out that the hacking group planted additional backdoors following the initial attack. Security firms have revealed that malware, in addition to Teardrop, included Sunspot and Raindrop (see: ‘Raindrop’ Is Latest Malware Tied to SolarWinds Hack).
What Was Entry Point?
Microsoft’s security team recently said that the Office 365 suite of products did not serve as an initial entry point for the SolarWinds attackers.
SolarWinds CEO Sudhakar Ramakrishna noted that the investigation could not point to a specific vulnerability in Office 365 as part of the attack, but he said that the hackers may have compromised an email account that allowed them to gain the initial access into the network before planting a backdoor into the Orion software.
Acting CISA Director Brandon Wales told The Wall Street Journal that the SolarWinds attackers likely gained access to targets using a multitude of methods, including password spraying.
‘Did We Take Our Eyes Off the Ball?’
Anthony Ferrante, former director for cyber incident response at the National Security Council at the White House, notes: “This cyberattack is the exact type of threat I worried about when I was at the White House – a nation-state threat that infects the software supply chain. And now it’s here and it’s affecting not just the U.S. government but some of its most sensitive interests, as well as private sector organizations.”
Ferrante, who is now global head of cybersecurity at FTI Consulting, adds: “We were given so much confidence going into the presidential election that the U.S. government had insight into what nation-states might do. But does this attack suggest that we didn’t actually know everything? Did we take our eyes off the ball?”
CHICAGO (AP) — United Airlines has struck a deal with Elon Musk’s SpaceX to offer satellite-based Starlink WiFi service on flights within the next several years.
The airline said Friday the service will be free to passengers.
United said it will begin testing the service early next year and begin offering it on some flights by later in 2025.
Financial details of the deal were not disclosed.
The announcement comes as airlines rush to offer more amenities as a way to stand out when passengers pick a carrier for a trip. United’s goal is to make sitting on a plane pretty much like being on the ground when it comes to browsing the internet, streaming entertainment and playing games.
“Everything you can do on the ground, you’ll soon be able to do on board a United plane at 35,000 feet, just about anywhere in the world,” CEO Scott Kirby said in announcing the deal.
The airline says Starlink will allow passengers to get internet access even over oceans and polar regions where traditional cell or Wi-Fi signals may be weak or missing.
Sony has made it easy for Canadian consumers to preorder the PlayStation 5 Pro in Canada directly from PlayStation’s official website. Here’s how:
Visit the Official Website: Go to direct.playstation.com and navigate to the PS5 Pro section once preorders go live on September 26, 2024.
Create or Log in to Your PlayStation Account: If you don’t have a PlayStation account, you will need to create one. Existing users can simply log in to proceed.
Place Your Preorder: Once logged in, follow the instructions to preorder your PS5 Pro. Ensure you have a valid payment method ready and double-check your shipping information for accuracy.
Preorder Through Major Canadian Retailers
While preordering directly from PlayStation is a popular option, you can also secure your PS5 Pro through trusted Canadian retailers. These retailers are expected to offer preorders on or after September 26:
Best Buy Canada
Walmart Canada
EB Games (GameStop)
Amazon Canada
The Source
Steps to Preorder via Canadian Retailers:
Visit Retailer Websites: Search for “PlayStation 5 Pro” on the website of your preferred retailer starting on September 26.
Create or Log in to Your Account: If you’re shopping online, having an account with the retailer can speed up the preorder process.
Preorder in Store: For those who prefer in-person shopping, check with local stores regarding availability and preorder policies.
3. Sign Up for Notifications
Many retailers and websites offer the option to sign up for notifications when the preorder goes live. If you’re worried about missing out due to high demand, this can be a useful option.
Visit Retailer Sites: Look for a “Notify Me” or “Email Alerts” option and enter your email to stay informed.
Use PlayStation Alerts: Sign up for notifications directly through Sony to be one of the first to know when preorders are available.
4. Prepare for High Demand
Preordering the PS5 Pro is expected to be competitive, with high demand likely to result in quick sellouts, just as with the initial release of the original PS5. To maximize your chances of securing a preorder:
Act Quickly: Be prepared to place your order as soon as preorders open. Timing is key, as stock can run out within minutes.
Double-Check Payment Information: Ensure your credit card or payment method is ready to go. Any delays during the checkout process could result in losing your spot.
Stay Informed: Monitor PlayStation and retailer websites for updates on restocks or additional preorder windows.
Final Thoughts
The PlayStation 5 Pro is set to take gaming to the next level with its enhanced performance, graphics, and new features. Canadian gamers should be ready to act fast when preorders open on September 26, 2024, to secure their console ahead of the holiday season. Whether you choose to preorder through PlayStation’s official website or your preferred retailer, following the steps outlined above will help ensure a smooth and successful preorder experience.
For more details on the PS5 Pro and to preorder, visit direct.playstation.com or stay tuned to updates from major Canadian retailers.
Since the PlayStation 5 (PS5) launched four years ago, PlayStation has continuously evolved to meet the demands of its players. Today, we are excited to announce the next step in this journey: the PlayStation 5 Pro. Designed for the most dedicated players and game creators, the PS5 Pro brings groundbreaking advancements in gaming hardware, raising the bar for what’s possible.
Key Features of the PS5 Pro
The PS5 Pro comes equipped with several key performance enhancements, addressing the requests of gamers for smoother, higher-quality graphics at a consistent 60 frames per second (FPS). The console’s standout features include:
Upgraded GPU: The PS5 Pro’s GPU boasts 67% more Compute Units than the current PS5, combined with 28% faster memory. This allows for up to 45% faster rendering speeds, ensuring a smoother gaming experience.
Advanced Ray Tracing: Ray tracing capabilities have been significantly enhanced, with reflections and refractions of light being processed at double or triple the speed of the current PS5, creating more dynamic visuals.
AI-Driven Upscaling: Introducing PlayStation Spectral Super Resolution, an AI-based upscaling technology that adds extraordinary detail to images, resulting in sharper image clarity.
Backward Compatibility & Game Boost: More than 8,500 PS4 games playable on PS5 Pro will benefit from PS5 Pro Game Boost, stabilizing or enhancing performance. PS4 games will also see improved resolution on select titles.
VRR & 8K Support: The PS5 Pro supports Variable Refresh Rate (VRR) and 8K gaming for the ultimate visual experience, while also launching with the latest wireless technology, Wi-Fi 7, in supported regions.
Optimized Games & Patches
Game creators have quickly embraced the new technology that comes with the PS5 Pro. Many games will receive free updates to take full advantage of the console’s new features, labeled as PS5 Pro Enhanced. Some of the highly anticipated titles include:
Alan Wake 2
Assassin’s Creed: Shadows
Demon’s Souls
Dragon’s Dogma 2
Final Fantasy 7 Rebirth
Gran Turismo 7
Marvel’s Spider-Man 2
Ratchet & Clank: Rift Apart
Horizon Forbidden West
These updates will allow players to experience their favorite games at a higher fidelity, taking full advantage of the console’s improved graphics and performance.
Design & Compatibility
Maintaining consistency within the PS5 family, the PS5 Pro retains the same height and width as the original PS5 model. Players will also have the option to add an Ultra HD Blu-ray Disc Drive or swap console covers when available.
Additionally, the PS5 Pro is fully compatible with all existing PS5 accessories, including the PlayStation VR2, DualSense Edge, Pulse Elite, and Access controller. This ensures seamless integration into your current gaming setup.
Pricing & Availability
The PS5 Pro will be available starting November 7, 2024, at a manufacturer’s suggested retail price (MSRP) of:
$699.99 USD
$949.99 CAD
£699.99 GBP
€799.99 EUR
¥119,980 JPY
Each PS5 Pro comes with a 2TB SSD, a DualSense wireless controller, and a copy of Astro’s Playroom pre-installed. Pre-orders begin on September 26, 2024, and the console will be available at participating retailers and directly from PlayStation via direct.playstation.com.
The launch of the PS5 Pro marks a new chapter in PlayStation’s commitment to delivering cutting-edge gaming experiences. Whether players choose the standard PS5 or the PS5 Pro, PlayStation aims to provide the best possible gaming experience for everyone.
Preorder your PS5 Pro and step into the next generation of gaming this holiday season.
