Tag Archive for: dhs

SolarWinds hack got emails of top DHS officials


By Alan Suderman | Associated Press

Suspected Russian hackers gained access to email accounts belonging to the Trump administration’s head of the Department of Homeland Security and members of the department’s cybersecurity staff whose jobs included hunting threats from foreign countries, The Associated Press has learned.

The intelligence value of the hacking of then-acting Secretary Chad Wolf and his staff is not publicly known, but the symbolism is stark. Their accounts were accessed as part of what’s known as the SolarWinds intrusion, and it throws into question how the U.S. government can protect individuals, companies and institutions across the country if it can’t protect itself.

The short answer for many security experts and federal officials is that it can’t — at least not without some significant changes.

“The SolarWinds hack was a victory for our foreign adversaries, and a failure for DHS,” said Sen. Rob Portman of Ohio, top Republican on the Senate’s Homeland Security and Governmental Affairs Committee. “We are talking about DHS’s crown jewels.”

The Biden administration has tried to keep a tight lid on the scope of the SolarWinds attack as it weighs retaliatory measures against Russia. But an inquiry by the AP found new details about the breach at DHS and other agencies, including the Energy Department, where hackers accessed top officials’ schedules.

The AP interviewed more than a dozen current and former U.S. government officials, who spoke on the condition of anonymity because of the confidential nature of the ongoing investigation into the hack.

The vulnerabilities at Homeland Security, in particular, intensify the worries following the SolarWinds attack and an even more widespread hack affecting Microsoft Exchange’s email program, especially because in both cases the hackers were detected not by the government but by a private company.

In December, officials discovered what they describe as a sprawling, monthslong cyberespionage effort done largely through a hack of a widely used software from Texas-based SolarWinds Inc. At least nine federal agencies were hacked, along with dozens of private-sector companies.

U.S. authorities have…


SolarWinds hack got emails of top DHS officials » Albuquerque Journal


Suspected Russian hackers gained access to email accounts belonging to the Trump administration’s head of the Department of Homeland Security and members of the department’s cybersecurity staff whose jobs included hunting threats from foreign countries, The Associated Press has learned.

The intelligence value of the hacking of then-acting Secretary Chad Wolf and his staff is not publicly known, but the symbolism is stark. Their accounts were accessed as part of what’s known as the SolarWinds intrusion and it throws into question how the U.S. government can protect individuals, companies and institutions across the country if it can’t protect itself.

The short answer for many security experts and federal officials is that it can’t — at least not without some significant changes.

“The SolarWinds hack was a victory for our foreign adversaries, and a failure for DHS,” said Sen. Rob Portman of Ohio, top Republican on the Senate’s Homeland Security and Governmental Affairs Committee. “We are talking about DHS’s crown jewels.”


The Biden administration has tried to keep a tight lid on the scope of the SolarWinds attack as it weighs retaliatory measures against Russia. But an inquiry by the AP found new details about the breach at DHS and other agencies, including the Energy Department, where hackers accessed top officials’ private schedules.

The AP interviewed more than a dozen current and former U.S. government officials, who spoke on the condition of anonymity because of the confidential nature of the ongoing investigation into the hack.

The vulnerabilities at Homeland Security in particular intensify the worries following the SolarWinds attack and an even more widespread hack affecting Microsoft Exchange’s email program, especially because in both cases the hackers were detected not by the government but by a private company.

In December, officials discovered what they describe as a sprawling, monthslong…


DHS plans largest operation to secure U.S. election against hacking


The Department of Homeland Security’s cybersecurity division is mounting the largest operation to secure a U.S. election, aiming to prevent a repeat of Russia’s 2016 interference and to ward off new threats posed by Iran and China.



Julian Belilty casts his early vote in the Adams Morgan neighborhood of D.C. on Oct. 28. (Tom Brenner/Reuters)

On Election Day, DHS’s Cybersecurity and Infrastructure Security Agency will launch a 24/7 virtual war room, to which election officials across the nation can dial in at any time to share notes about suspicious activity and work together to respond. The agency will also pass along classified information from intelligence agencies about efforts they detect from adversaries seeking to undermine the election and advise states on how to protect against such attacks.


“I anticipate possibly thousands of local election officials coming in to share information in real time, to coordinate, to track down what’s real and what’s not, separate fact from fiction on the ground,” said Matt Masterson, CISA’s senior cybersecurity adviser, who has helped lead election preparations. “We’ll be able to sort through what’s happening and identify: Is this a typical election event or is this something larger?”

The operation will run for days or weeks until winners are clear in most races — and potentially until the election is formally certified in December. “We’ll remain stood up until the [election] community tells us, ‘Okay, we’re good, you can stand down,’ ” Masterson said.

The wide-ranging operation is the culmination of four years during which CISA has grown from a backwater agency that was largely unknown outside Washington to the main federal government liaison to a nationwide ecosystem of officials running the elections.

CISA’s growth is especially notable because it has happened despite an abiding lack of interest in election security from President Trump. He has held only one Cabinet-level meeting on the topic during his presidency and generally views discussion about Russian interference as threatening the legitimacy of his 2016 victory over Hillary Clinton, even though…


FBI, DHS Warn Hospitals of ‘Credible Threat’ from Hackers


Several federal agencies on Wednesday warned hospitals and cyber-researchers about “credible” information “of an increased and imminent cybercrime threat to U.S. hospitals and health-care providers.”

The FBI, the Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security and known as CISA, said hackers were targeting the sector, “often leading to ransomware attacks, data theft and the disruption of health-care services,” according to an advisory.

The advisory warned that hackers might use Ryuk ransomware “for financial gain.”

The warning comes as COVID-19 cases and hospitalizations surge across the country. The cybersecurity company FireEye Inc. said multiple U.S. hospitals had been hit by a “coordinated” ransomware attack, with at least three publicly confirming being struck this week.

Ransomware is a type of computer virus that locks up computers until a ransom is paid for a decryption key.

The attack was carried out by a financially motivated cybercrime group dubbed UNC1878 by computer security researchers, according to Charles Carmakal, FireEye’s strategic services chief technology officer. At least three hospitals were severely affected by ransomware on Tuesday, he said, and multiple hospitals have been hit over the past several weeks. UNC1878 intends to target and deploy ransomware to hundreds of other hospitals, Carmakal said.

“We are experiencing the most significant cybersecurity threat we’ve ever seen in the United States,” he said. “UNC1878, an Eastern European financially motivated threat actor, is deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other health-care providers.”

Multiple hospitals have already been significantly affected by Ryuk ransomware and their networks have been taken offline, Carmakal added. “UNC1878 is one of most brazen,…
