SolarWinds

Acting CISA Director Considers List of SolarWinds Victims to be Complete

Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, described the list of victims of the SolarWinds Orion hack as “solidified” and said that no other victim companies are likely to emerge.

Wales made the remarks at an online forum hosted by the McCrary Institute at Auburn University in Alabama.

While Wales did not go over the list, the National Security Council’s Anne Neuberger already disclosed that nine federal agencies and roughly 100 private companies were affected by the breach, FCW reported.

During the forum, the acting CISA director also addressed other security concerns, including the recent Microsoft Exchange hack, which posed risks to users of the on-premise Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019.

According to Wales, investigations are ongoing to find out whether there have been compromises related to the vulnerabilities found in Microsoft’s Exchange software.

As of March 11, Eric Goldstein, executive assistant director of CISA’s cybersecurity division, said no federal civilian agencies have been compromised in the Microsoft Exchange hack.

CISA was able to mitigate the risks associated with the affected Microsoft Exchange servers because of an emergency directive that it released on March 2.

During his appearance at the forum, Wales also took the time to discuss CISA’s new effort to combat ransomware attacks, which he said have gone up since the shift to remote work.

The Reduce the Risk of Ransomware Campaign promotes a coordinated and sustained effort between public and private sector organizations to implement best practices, tools and resources for mitigating ransomware risk.