The SolarWinds hack could be much worse than expected

The SolarWinds hack, attributed to Russian hackers, which has hit major U.S. federal agencies and private companies, may also be worse than officials initially realized.

So far, US officials believe that some 250 federal agencies and American private companies have been affected, according to a New York Times report. The computer networks of the Departments of the Treasury, Commerce and Energy, the National Nuclear Security Administration, FireEye and Microsoft, among others, have been hacked.

Three weeks after the intrusion came to light, American officials are still trying to figure out whether what the Russians did was merely an espionage operation inside the American bureaucracy or something more.

While government and private sector researchers continue to investigate, the cyber attack campaign has raised questions about how and why the nation's cyber defenses failed so spectacularly.

These questions have taken on a particularly urgent character given that the breach was detected not by either of the government agencies that share responsibility for cyber defense, U.S. Cyber Command and the National Security Agency, but by a private cybersecurity company, FireEye.

"It looks much worse than I initially feared," Virginia Democratic Sen. Mark Warner, a member of the Senate Intelligence Committee, said in a statement. "The size of the intrusion continues to grow. It is clear that the government of the United States missed it. What if FireEye hadn't shown up?" he added. "I'm not sure we're fully aware of it now."

The intentions behind the attack remain unclear, but given the number of US federal agencies declared victims compared with the private companies that have seen their networks infected, the US government was clearly the main target of the cyberattack. Some analysts say the Russians may be trying to shake Washington's confidence in the security of its communications and to demonstrate their cyber arsenal in order to influence President-elect Joe Biden ahead of nuclear weapons talks.

"We still don't know what Russia's strategic goals were," said Suzanne Spaulding, who was the senior cyber official in the Department of Homeland Security under the Obama administration. "But we should be concerned that some of those goals may go beyond reconnaissance. Their objective may be to put themselves in a position to influence the new administration, such as pointing a pistol at our head to dissuade us from taking action to counter Putin."

Microsoft said the hackers compromised SolarWinds' Orion monitoring and management software, which allowed them to impersonate any existing user and account in the organization, including highly privileged accounts. Russia is said to have exploited several layers of the supply chain to gain access to the systems of government agencies.

The "early warning" sensors placed by U.S. Cyber Command and the NSA inside foreign networks to detect attacks in progress clearly failed. Nor is there any indication that human intelligence alerted the United States to this attack. Furthermore, it seems likely that the US government's focus on protecting the November elections from foreign hackers drew many resources away from the software supply chain, according to the newspaper.

In addition, launching the attack from servers located in the United States apparently allowed the hackers to evade the cyber defenses deployed by the Department of Homeland Security. Since some of the compromised SolarWinds software was engineered in Eastern Europe, American investigators are now examining whether the intrusion took place in that region, where Russian intelligence agents are deeply rooted, the newspaper reported.

The cybersecurity arm of the Department of Homeland Security, CISA, concluded in December that the hackers were also working through channels other than SolarWinds.

A week ago, CrowdStrike, another cybersecurity company, revealed that it had also been targeted, unsuccessfully, by the same hackers, not through SolarWinds but through a company that resells Microsoft software.

Because resellers are often responsible for deploying software for their customers, they have extensive access to Microsoft customers' networks, which can make them an ideal Trojan horse for Russian hackers.
