SolarWinds hackers could have been thwarted by simple countermeasures – US authorities

File photo: In this illustration photo taken on May 13, 2017, a man holds a laptop computer as cyber code is projected on him. REUTERS / Kacper Pempel

June 21, 2021

Raphael Satter

Washington (Reuters) – Following a 10-year-old security advisory could have helped thwart the Russian hackers who ran wild across a federal network last year, the Department of Homeland Security’s digital defense department said in a letter sent at the beginning of this month.

The statement from the Cybersecurity and Infrastructure Security Agency (CISA) came as the United States prepared to pour billions of dollars into strengthening cyber security following a series of dramatic intrusions by foreign hackers. It emphasizes how basic digital security measures can help defeat, or at least mitigate the effects of, even the most serious breaches.

The June 3 letter, sent by CISA to Senator Ron Wyden, concerned a vast espionage campaign that hijacked software from Texas-based SolarWinds Corp to invade nine government sectors. The campaign has already run up hundreds of millions of dollars in cleanup costs.

Alleged Russian hackers compromised SolarWinds’ widely deployed network monitoring program and used it to deploy malicious software on thousands of client servers, eventually picking out a few for thorough abuse to carry off the intelligence coup.

According to CISA, if victims had configured their firewalls to block all outbound connections from servers running SolarWinds, “we could have neutralized the malware.”

The agency said that some targets with such firewalls “successfully blocked connection attempts” and had no “subsequent abuses.”

Wyden’s office states that servers running SolarWinds software do not need to send outbound traffic. Guidance from the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) has warned for more than a decade that servers that do not need to connect to the Internet should be prevented from doing so. The idea is that doors that don’t need to be opened should be bolted.

Servers running SolarWinds within the government network “should have had more restrictions,” said Jason Garbis, chief product officer of digital security firm Appgate.

This does not suggest that blocking servers running SolarWinds from the Internet would have made last year’s hacking campaign completely unsuccessful. The spies used a variety of sophisticated tactics to carry out their espionage activities.

But by following security best practices, Garbis said, government networks are “much more resilient to these types of attacks.”

(Reporting by Raphael Satter; editing by Jonathan Oatis)
