• SEC fines cybersecurity giants for downplaying effects of SolarWi

    From TechnologyDaily@1337:1/100 to All on Wednesday, October 23, 2024 14:15:05
    SEC fines cybersecurity giants for downplaying effects of SolarWinds attack

    Date:
    Wed, 23 Oct 2024 13:03:00 +0000

    Description:
    Despite knowing threat actors had accessed systems and exfiltrated data, several companies released statements downplaying the impact of the attack.

    FULL STORY ======================================================================

    Four top security companies have been charged for downplaying the impact the SolarWinds Orion compromise had on their systems, an action which violated certain provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934, among other related rules.

    The US Securities and Exchange Commission charged and fined Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited for making materially misleading disclosures regarding cybersecurity risks and intrusions.

    All companies have received civil penalties, with Unisys expected to pay $4 million, Avaya $1 million, Check Point $995,000, and Mimecast $990,000.

    Misleading disclosures

    The 2020 attack on SolarWinds Orion infrastructure management software saw threat actors push updates to the Orion software that were loaded with malware, infecting other organizations downstream in the supply chain that used the Orion software.

    The attack impacted thousands of businesses and several branches of the US government, including the US Department of Homeland Security, the US Treasury Department, and the US Department of Commerce.

    Among the businesses impacted by the attack were the four charged by the SEC, which stated in its press release that Unisys described its risks from cybersecurity events as hypothetical despite the company having knowingly experienced two attacks as a result of the SolarWinds attack that resulted in large amounts of data being exfiltrated.

    The charge against Avaya states the company attempted to downplay the impact of the SolarWinds attack, stating attackers had accessed "a limited number of [the] Company's email messages." In actuality, Avaya was already aware the threat actors had broken into the company's cloud file sharing system and gained access to at least 145 files.

    Check Point and Mimecast were also found to have downplayed the impact of the attack on their systems.

    Sanjay Wadhwa, Acting Director of the SEC's Division of Enforcement, said, "As today's enforcement actions reflect, while public companies may become targets of cyberattacks, it is incumbent upon them to not further victimize their shareholders or other members of the investing public by providing misleading disclosures about the cybersecurity incidents they have encountered. Here, the SEC's orders find that these companies provided misleading disclosures about the incidents at issue, leaving investors in the dark about the true scope of the incidents."



    ======================================================================
    Link to news story: https://www.techradar.com/pro/sec-fines-cybersecurity-giants-for-downplaying-effects-of-solarwinds-attack


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)