Topics
Latest
AI
Amazon
Image Credits:BalkansCat(opens in a new window)/ Getty Images
Apps
Biotech & Health
clime
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
Fundraising
convenience
Gaming
Government & Policy
Hardware
Layoffs
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
societal
blank space
Startups
TikTok
shipping
speculation
More from TechCrunch
consequence
Startup Battlefield
StrictlyVC
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
The U.S. Securities and Exchange Commission has charged SolarWinds and its top cybersecurity executive Timothy Brown with fraud and internal ascendence failure for allegedly misleading investor about the companionship ’s cybersecurity practice prior to a cyberattack launched by Russian hackers in 2019 .
In a statementpublished belated Monday , the SEC aver SolarWinds “ allegedly misled investor by disclosing only generic and hypothetical risk of exposure ” at a time when SolarWinds and Brown knew of “ specific deficiencies ” in SolarWinds ’ security practices and the increasing risks that the society was facing at the time .
The SEC ’s complaint accused the caller of making call , including about its own surety practices , that were “ at betting odds ” with its home assessments . In one case , the SEC said Brown , who presently serves as SolarWinds ’ chief information security officer , made presentations in the years prior to the hack that state the company ’s surety practices were in a “ very vulnerable commonwealth . ”
But the Union regulator sound out that Brown failed to sufficiently raise security risks to the company or solve them .
Gurbir S. Grewal , who oversees the SEC ’s enforcement unit , said SolarWinds and Brown “ ignored repeat reddened flag ” and “ engaged in a campaign to paint a untrue movie of the companionship ’s cyber controls surround , thereby depriving investor of accurate textile information . ”
“ Today ’s enforcement action not only excite SolarWinds and Brown for misleading the investment public and fail to protect the company ’s ‘ pennant jewel ’ asset , but also underscores our message to issuers : implement strong controls calibrated to your jeopardy environments and level with investors about cognise business concern , ” say Grewal .
SolarWinds was hacked as far back as 2019 by a group of government activity hackers associate with Russia ’s extraneous intelligence divine service , whobroke into SolarWinds ’ networkand plant a backdoor in the computer code of the company ’s flagship Orion internet direction product . When the tainted Orion software was pushed to SolarWinds ’ customer as a software update , the hackers bring in access to every connection launch the compromised software , include private companies and federal way .
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
The hack was discovered almost a year afterward in 2020 , during which severalU.S. regime departmentswere confirmed compromised , include NASA , Homeland Security and the Department of Justice , as well as security measures behemoth FireEye , and several technical school companies , university and hospital .
The SEC told SolarWinds in November 2022 that itfaced enforcement actionfollowing the cyberattack , warning that the company ’s cybersecurity disclosure and public argument were under examination .
A SolarWinds spokesperson correct to comment on the disc at the clock time of publication . In ablog postpublished briefly after the SEC ’s announcement , SolarWinds CEO Sudhakar Ramakrishna accused the SEC of launching a “ ill-conceived and wrong enforcement action ” against the companionship and that it will “ smartly oppose this action at law . ”
Alec Koch , an attorney for Brown , say that he looks forrad to defending Brown ’s reputation and “ make up the inaccuracies in the SEC ’s charge . ”
SolarWinds hacker targeted NASA , Federal Aviation Administration networks
