SolarWinds Taps Firm Started by Ex-CISA Chief Chris Krebs, Former Facebook CSO Alex Stamos

SolarWinds Hires New Cybersecurity Firm Founded by Former CISA Director Chris Krebs and Alex Stamos, Former Security Chief at Yahoo and Facebook

Following a significant security incident that sent shockwaves through the global cybersecurity community, SolarWinds has hired a newly formed cybersecurity consulting firm founded by Chris Krebs, former director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and Alex Stamos, former security chief at Facebook and Yahoo.

Generically named the Krebs Stamos Group (KSG), its website currently shows limited information about the firm, saying its goal is to “help organizations turn their greatest cybersecurity challenges into triumphs.”

The consulting firm will apparently help customers assess their security posture, provide them with advice on “critical, long-lasting decisions,” and help them create cybersecurity teams, processes, programs and culture.

SolarWinds confirmed on Thursday that it has hired the company launched by Krebs and Stamos.

“We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review and provide best-in-class guidance on our journey to evolve into an industry leading secure software development company,” SolarWinds said in a statement to the media.

SecurityWeek has reached out to KSG for additional information about the company and its work for SolarWinds, but the company has yet to respond.

Krebs was fired from CISA in November by U.S. President Donald Trump after he refuted claims of electoral fraud and vouched for the integrity of the recent presidential election. After leaving Facebook in August 2018, Stamos became director of the Internet Observatory at Stanford University.  

In the meantime, the U.S. government and cybersecurity companies continue to investigate the SolarWinds breach. According to some media reports, investigators are looking into the potential role played in the attack by a product from JetBrains, a software development firm based in the Czech Republic.

JetBrains said it was not aware of any investigation, but did not rule out that its TeamCity software was somehow exploited by hackers, either due to a misconfiguration or a vulnerability.

The United States this week officially said Russia was likely behind the attack on SolarWinds, an accusation that the Kremlin has denied. There is also some evidence that a second, unrelated threat actor may have also targeted SolarWinds.

While SolarWinds said that 18,000 customers may have used a compromised version of its Orion product, the fallout is believed to have resulted in at least 250 private sector and government organizations being breached. The list of government victims includes the U.S. Justice Department, which admitted this week that hackers may have accessed some Microsoft 365 email accounts, but claimed there was no evidence that classified systems were compromised.


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
