The initial damage assessment of the vast Russian-related cyberattacks is chilling enough.
Extensive intrusions into the government, including the Department of Energy’s National Nuclear Security Administration, have been reported, and federal officials have indicated that the worst may be yet to come.
The Department of Homeland Security’s cybersecurity department acknowledges that the full extent of the attack is not yet known and that countless local and private sector systems are at “significant risk.”
Secretary of State Mike Pompeo said US officials had “still unpacked” the cyber invasion, but he publicly accused the Kremlin.
In an interview with the Mark Levin Show, a conservative talk show, Pompeo said, “I think it’s a very important initiative and I think it’s clear that the Russians were involved in this activity.”
Federal officials have so far dated the attack back to March, but it is unknown what was lost or endangered during the period when operatives were lurking in some of the government’s most important agencies, including the Departments of State, Homeland Security, Treasury, and Commerce.
According to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the attacks are expected to be even more difficult to eliminate because the threat actor employs advanced tactics not seen in past intrusions.
Where is the White House?
Perhaps most striking was the White House’s silence, as other parts of the government warned about chain threats and uncertain risks, raising questions about how the United States should respond.
On Friday, Republican Senator Mitt Romney called President Donald Trump’s lack of reaction “abnormal.”
“They had the ability to show that our defenses were very inadequate. Our readiness for cyberwarfare was very weak,” Romney said in an interview with Sirius XM. He added that he acted “immunity”.
“And in this situation, it’s really, really, very unusual for the White House to speak up, protest, and take no disciplinary action,” he added.
Michael Chertoff, a former Homeland Security Secretary of the George W. Bush administration, said Friday that the breach emphasized the need for a “deterrence strategy in the event of a cyber conflict.”
“I think we may need to enhance the game,” Chertoff said.
Senate Intelligence Committee Vice Chairman Mark Warner, D-Va., on Friday characterized the hacking as a “catastrophic breach” that required the president’s attention.
“The case of this scale and lasting impact is a positive and public case by the US Government, led by the President, who understands the importance of this invasion and is actively marshalling domestic remediation strategies and international responses. We need to take action,” Warner said. “It’s very annoying that the president doesn’t seem to acknowledge the significance of this situation, much less act on it.”
Pompeo defended the president’s silence after the show’s host, Levin, suggested that the Trump administration might be working “behind the scenes” to tackle Russia’s role in the attack.
“That’s absolutely true,” Pompeo said, but didn’t elaborate on what the president was doing to confront Moscow.
“There’s a lot you want to say. ‘Boy, I call it.’ But the wisest action to protect Americans is to calmly work on your business and protect your freedom,” Pompeo said.
President Joe Biden’s transition secretary-general, Johannes Abraham, reiterated Biden’s Thursday warning that malicious cyber operations would affect those attacking the United States.
“It will cost a lot,” Abraham said on Friday. “Our enemies shouldn’t expect us to telegram our punches, but they should expect the presidential election to be the man in his words.”
“What we know is a big concern,” he added, although much is unknown.
The Department of Energy acknowledges that its systems, including those of the agency that maintains the country’s nuclear weapons stockpile, are affected, but that does not mean that hackers have access to nuclear weapons and codes. This is because weapons systems are usually separated from the traditional Internet, says Dvir Sasson, head of research at Cyber Int, a security company headquartered in Tel Aviv, Israel.
DOE spokeswoman Shaylyn Hynes said late Thursday that the review was underway but determined that the malware was “isolated only into the business network.” According to Hynes, the breach did not extend to “the mission of the National Security Agency’s important national security functions, including the National Nuclear Security Administration.”
“Once DOE identified vulnerable software, prompt steps were taken to mitigate the risk, and all software identified as vulnerable to this attack was disconnected from the DOE network,” Hynes said.
What we don’t know can hurt us
Much of what the government has announced so far is full of unknowns.
This week’s joint statement by the FBI, CISA, and the Director of National Intelligence called the “serious cyber incident” a “developing situation,” suggesting that the intrusion is still underway.
In a separate announcement, CISA said the attack continued to pose “significant risks” not only to federal networks, but also to state, local and tribal governments, along with key infrastructure entities and private organizations.
Authorities also admitted that suspected additional intrusions were “not yet found.”
“This … actor has shown patience, operational security, and complex tradecraft against these intrusions,” CISA said of the hacker, adding that ongoing efforts to eliminate the threat “will be very complicated and difficult.”
“It takes a very long time,” Sasson said, to get a complete picture of this hacking campaign. “It’s the same as contact tracing during a pandemic in that we already know that the impact and scale of this campaign is far greater than initially understood. In less than a week, this has grown from one security vendor into a major attack on key government agencies and businesses around the world.”
“First-class attack ability”
The attacker broke into a federal computer system through popular server software provided by a company called SolarWinds.
The threat seems to have come from the same cyber-spy activity that plagued cybersecurity firm FireEye, foreign governments, and large corporations.
The system is used by hundreds of thousands of organizations around the world, including most Fortune 500 companies and several US federal agencies, which are currently struggling to patch their networks.
The first DHS alert came a few days after FireEye CEO Kevin Mandia announced that FireEye had been compromised “by a country with top-notch offensive capabilities.”
FireEye discovered that regular software updates for SolarWinds products contained malicious code. So-called “supply chain attacks” come from trusted vendors, especially IT management software companies, so malicious individuals “come from the back doors that are least likely to get infected,” Sasson said.
Once inside the network, the code attacked a Microsoft Office 365 product. Such attacks through Microsoft products “can have serious consequences. Microsoft products are used worldwide and affect individual operating systems, video game services, cloud infrastructure, and more,” said Sivan Tehila, director of solution architecture for Perimeter81, a cloud software security company also based in Tel Aviv, Israel.
Microsoft, which released an update that blocks the malicious code, said that once the code entered a network, it tried to collect credentials to gain additional access.
Such attacks are “very rare,” Sasson said. “The way malware works is to shut itself down (as if it were). It’s very confidential and attempts and detects the slow and slow communications we call in the industry. I try not to be done.”
Tehila urged organizations to update their Microsoft software, follow DHS recommendations, shut down the SolarWinds software, and isolate the parts of their networks where the software is installed.
Microsoft, which said that its network wasn’t compromised, was able to discover that its product was compromised “because it has world-class capabilities to discover this type of problem,” said Eric Noonan, CEO of Cyber Sheath, a Reston, Virginia-based cybersecurity company. “But in reality, most compromised organizations lack the ability or resources to investigate this and later find themselves hacked through a third party.”
Noonan compared the situation to “waking up to a fire engine at 3 am, sniffing smoke in the house and taking everyone out.”
In a note to investors on Friday, Wedbush Securities analyst Daniel Ives said the cyberattack is likely to be ranked as “one of the worst (probably the worst in history) of the last decade, given the target of the attack and the nature of cyberspy activity.”
Perhaps escalating the impact is that private and federal employers across the United States have millions of employees working from home.
“This breach does not occur at worst, with almost all government agencies and businesses working from home until at least mid-2021 and accessing applications / data from ubiquitous endpoints around the world. It was,” said Ives.
Contributions: Bart Jansen and Jessica Guynn