SolarWinds hackers could have been deterred by simple security measures, officials say
Implementing basic security measures could have helped deter or minimise the massive SolarWinds hack that enabled threat actors to compromise at least nine government agencies and hundreds of private firms.
In a letter sent to Senator Ron Wyden earlier this month, US Cybersecurity and Infrastructure Security Agency (CISA) acting director Brandon Wales acknowledged that firewalls placed in computer networks of victim organisations could have helped block the malware used in the SolarWinds attack.
“CISA agrees that a firewall blocking all outgoing connections to the internet would have neutralised the malware,” Wales wrote, according to The Hill.
in February, Wyden contacted CISA with a list of queries about the agency’s ability to spot zero-day exploits and other malicious network activity using its $6 billion EINSTEIN sensor system. Wyden asked why CISA had failed to detect network traffic that enabled hackers to install a corrupted SolarWinds update package and send additional payloads to compromised systems.
The SolarWinds hack was disclosed in December after the US Treasury Department and the US Department of Commerce’s National Telecommunications and Information Administration (NTIA) were found to have been compromised in a massive cyber campaign.
The attackers were able to breach networks after compromising SolarWinds’ network monitoring software Orion, which was widely used by various government departments and private companies.
The hackers inserted malicious code into legitimate software updates for the Orion software, which allowed them remote access into the victim’s environment.
The White House blamed Russia for the intelligence coup and sanctioned several Russian officials and organisations in April. Russia has denied the allegations, saying it had no involvement in the hack.
According to Wales, the malware deployed by hackers would have been neutralised had victims set up their firewalls to block all outbound connection attempts from the servers running SolarWinds.
Several targeted organisations that had properly configured their firewalls were able to block outbound connections, with no “follow-on exploitation,” Wales said.
According to Wyden’s office, SolarWinds…