Former CISA director Chris Krebs and former Facebook security exec Alex Stamos have teamed up to create a new consulting group – and have been hired by SolarWinds.
SolarWinds, which has been embroiled in a recent, widescale hack, has called in two security powerhouses for help: Former director of the Cybersecurity and Infrastructure Security Agency (CISA) Chris Krebs, and former Facebook security executive Alex Stamos.
Texas-based SolarWinds hired the duo as crisis-response consultants in the fallout of a cyberattack, discovered in December, in which the company’s network-management platform was targeted in a massive supply-chain hack. Several high-profile victims were affected – including the U.S. Department of Homeland Security (DHS), and the Treasury and Commerce departments.
Krebs is the former (and first) director of CISA, first appointed in 2018. In November, he was axed by the Trump administration in a move that drew public criticism from government officials and security experts alike.
Stamos, meanwhile, is the former Facebook CISO, and the founder of the Stanford Internet Observatory. Stamos over the past year has been tapped by other companies hit by various security scandals – including Zoom, after a COVID-19 surge in its user base led to Zoom-bombing cyberattacks and privacy concerns.
First reported by The Financial Times on Thursday, the two paired up to launch a cybersecurity consulting business, called the Krebs Stamos Group. According to the company’s website, the consulting team works with companies to help them understand the various security risks that they face, as well as their weaknesses, “and the role they play in the security of our wider society.” Threatpost has reached out to the Krebs Stamos Group for further comment.
“Our concept is simple: help businesses manage cybersecurity risk as business risk, making the internet a safer place in the meantime,” said Krebs on Twitter on Friday.
"News broke last night that I'm jumping into the next chapter of my career alongside @alexstamos. We've teamed up to form http://KS.group. Our concept is simple: help businesses manage cybersecurity risk as business risk, making the Internet a safer place in the meantime."
Security experts, for their part, praised SolarWinds’ decision to tap the new firm, with security researcher Kevin Beaumont saying on Twitter: “This is a really smart hire.”
The need for security expertise moving forward is essential for SolarWinds as the company continues to face fallout from the hack. Just this week, the Department of Justice (DoJ) announced that cybercriminals breached its Office 365 email server as part of the massive hack.
In December, it was discovered that an attack vector leveraging the default password (“SolarWinds123”) of the SolarWinds platform gave attackers an open door into its software-updating mechanism. Combining that with SolarWinds’ deep visibility into customer networks became a “perfect storm” contributing to the widespread success of the attack, researchers have said. The U.S. government has identified Russia as the “likely” culprit behind the attack.
On Twitter on Friday, Stamos said: “We have already engaged in helping understand and recover from what looks to be one of the most serious foreign intrusion campaigns in history, and we will be helping others learn from this attack.”
SolarWinds CEO Sudhakar Ramakrishna (former CEO of Pulse Secure), who was brought on board before the company was notified of the cyberattack, said the company is engaging with industry colleagues, third-party security experts and intelligence agencies worldwide, as part of the investigation.
“We have engaged several leading cybersecurity experts to assist us in this journey and I commit to being transparent with our customers, our government partners, and the general public in both the near-term and long-term about our security enhancements to ensure we maintain what’s most important to us – your trust,” Ramakrishna said on Thursday.
Supply-Chain Security: A 10-Point Audit Webinar: Is your company’s software supply-chain prepared for an attack? On Wed., Jan. 20 at 2p.m. ET, start identifying weaknesses in your supply-chain with actionable advice from experts – part of a limited-engagement and LIVE Threatpost webinar. CISOs, AppDev and SysAdmin are invited to ask a panel of A-list cybersecurity experts how they can avoid being caught exposed in a post-SolarWinds-hack world. Attendance is limited: Register Now and reserve a spot for this exclusive Threatpost Supply-Chain Security webinar – Jan. 20, 2 p.m. ET.
January 8, 2021