Cyberattack is a very common phenomenon in the 21st century. Companies now invest so much to fight against cybersecurity. In fact, no one company can claim to be completely safe from cyber attacks. The SolarWinds attack has been a subject of deliberation by the American House of Representatives. According to reports, Microsoft President, Brad Smith, criticized its main competitors Amazon AWS and Google for not publicly sharing what they know about the SolarWinds attack information.
The attack damaged more than 18,000 companies. AWS admitted on Thursday that SolarWinds hackers used its Elastic Cloud Service (EC2) in the attack.
“You have other companies, some of the largest companies in our industry, that are well-known to have been involved in this, that still have not spoken publicly about what they felt,” Smith said. “There’s no indication that they even informed customers.”
Microsoft is more vocal on the issue
According to Smith, Microsoft has over 32 articles describing Microsoft’s observation with SolarWinds attackers. While Google has just one blog post on the issue, Amazon remains silent and has nothing.
“I’m worried that, to some degree, some other companies – some of our competitors even – just didn’t look very hard,”…“If you don’t look, you won’t find, and you’ll go to bed every night being blissfully ignorant. You will be thinking you don’t have a problem when, in fact, you do.” Smith claims
“Silence is not going to make this country stronger,” Smith said. “And so, I think we have to encourage, and I think, even mandate that certain companies do this kind of reporting … We at Microsoft have been reporting this kind of information, sharing data, and publishing blogs without any legal duty to do so.”
Amazon executives refused to go to Congress to testify, and some lawmakers said they would call Amazon representatives.
According to Joe Slowik, a senior security researcher at DomainTools, Amazon’s AWS can contribute financial information of the hackers in the SolarWinds attack. He also claims that they can disclose the hackers’ network traffic data on the Internet, and the hackers’ storage on Amazon AWS servers. These data can show the hacker’s active activities and what tools they may still be using.
At the congressional hearing on Friday, no senator or congressman mentioned Google’s name. However, according to a report on Tuesday in the U.S. “Political News”, Google on Monday provided legislators in Congress with a list of more than a dozen. The list of questions is designed to review the security of Microsoft products such as Windows 10, Azure, and Office 365.