Tag Archive for: hack

The fallout from SolarWinds hack will get worse before it gets better


  • US government agencies and private organizations have been the targets of a cyberattack that was only just uncovered this month.
  • A group of hackers believed to be associated with the Russian intelligence agency SVR infiltrated a SolarWinds software update earlier this year.
  • This is a huge problem for two major reasons: The attackers were able to gain access for a long period of time without being detected, and it will also take a long time for security experts to determine the extent of what’s been compromised.
  • “Fragments of attacks can sit dormant for months, and years, and only revive when the author wants them to begin their job,” cybersecurity expert Sean Harris told Business Insider. “Stealth is the most worrisome aspect of these ‘attacks.’”

For months, US government agencies and private organizations have been the targets of what’s being called the most widespread cyberattack ever, and one that went largely undetected until this month. At the center of the attack is a company most people have never heard of called SolarWinds, which provides IT infrastructure management tools to hundreds of thousands of customers including government agencies, corporations, and nonprofit organizations. 

A SolarWinds software update earlier this year was infiltrated by a group of hackers believed to be associated with the Russian intelligence agency SVR, in what is known as a supply chain attack. As a result, the hackers’ malware was able to infect the networks of many, if not all, of SolarWinds’ customers as they updated their SolarWinds Orion software.

“The number of organizations that downloaded the corrupted update could be as many as 18,000, which includes most federal government unclassified networks and more than 425 Fortune 500 companies,” Tom Bossert, former Homeland Security Advisor, said in an op-ed in the New York Times on Thursday.

Not only is this attack extraordinary in its scope, it’s devastating in its impact — largely because of two things. First, the attackers were able to gain covert access for a long period of time without being detected. And second, it will be even…

Source…

Why a Colossal Hack of US Interests Should Wake Up the Art Industry to Cybersecurity Threats (and Other Insights)


Every Monday morning, Artnet News brings you The Gray Market. The column decodes important stories from the previous week—and offers unparalleled insight into the inner workings of the art industry in the process.

This week, a reinforcement of the maxim that only the paranoid survive…

 

ONCE MORE INTO THE BREACH

Last Sunday, Reuters broke the news of what appears to be one of the most expansive, longest-running, and most damaging hacks in US history. The story should also double as a visceral reminder that, as the art market continues its aggressive march into enhanced online sales and global connectivity, cybersecurity deserves far more attention than it’s likely gotten during this anarchic year.

First uncovered by the cybersecurity firm FireEye, the mega-breach qualifies as what experts call a “supply-chain attack.” Rather than directly infiltrating their targets by stealing employees’ usernames and passwords, hackers instead broke into software that the true targets installed from a legitimate third-party supplier as part of a regular systems update. The corrupt software then provided the assailants a difficult-to-detect back door into the end user’s network—a back door that has been swinging open for six to nine months, per multiple reports.

Central to the debacle is a Texas-based IT company called SolarWinds, which produces software that manages the server networks of major public and private clients alike. According to Reuters, the firm’s “customers include most of America’s Fortune 500 companies, the top 10 US telecommunications providers, all five branches of the US military, the State Department, the National Security Agency, and the Office of President of the United States.” 

While the full extent of the SolarWinds breach will not be known for months, Microsoft confirmed that the hackers exploited at least “40 companies, government agencies, and think tanks,” per the New York Times. “Nearly half” of that cohort’s members are private tech companies, with “many” specializing in cybersecurity. An earlier Times story identified the Department of Homeland Security and “parts of the Pentagon” as confirmed government…

Source…

How bad is the hack that targeted U.S. agencies? | Business News


Its apparent monthslong timeline gave the hackers ample time to extract information from a lot of different targets. Buchanan compared its magnitude to the 2015 Chinese hack of the U.S. Office of Personnel Management, in which the records of 22 million federal employees and government job applicants were stolen.

FireEye executive Charles Carmakal said the company was aware of “dozens of incredibly high-value targets” compromised by the hackers and was helping “a number of organizations respond to their intrusions.” He would not name any, and said he expected many more to learn in coming days that they, too, were infiltrated.

SolarWinds, of Austin, Texas, provides network-monitoring and other technical services to hundreds of thousands of organizations around the world, including most Fortune 500 companies and government agencies in North America, Europe, Asia and the Middle East.

Its compromised product, called Orion, accounts for nearly half of SolarWinds’ annual revenue. Its centralized monitoring looks for problems in an organization’s computer networks, which means that breaking in gave the attackers a “God-view” of those networks.

SolarWinds said in a financial filing that it sent an advisory to about 33,000 of its Orion customers that might have been affected, though it estimated a smaller number of customers — fewer than 18,000 — had actually installed the compromised product update earlier this year.

Source…

Massive SolarWinds hack has big businesses on high alert


The US government was rattled this week by a cyberattack that compromised a third-party software vendor’s systems and led to data breaches at several federal agencies, including the Department of Commerce, the Department of Energy and the Department of Homeland Security’s cyber arm.



SolarWinds headquarters in Austin, Texas on December 15, 2020. © Shutterstock

But the attack on SolarWinds, a firm that was far from a household name before, has also put many of the biggest companies in the country on alert.

SolarWinds said in an investor filing this week that as many as 18,000 of its customers — out of a total of 300,000 — may have been running software containing the vulnerability that allowed the hackers to penetrate the Commerce Department. US officials suspect Russian-linked hackers are behind the breach.

SolarWinds provides services to more than 425 companies in the US Fortune 500, it boasted on a page on its website that has since been taken down but remains accessible on the Wayback Machine internet archive.

The firms listed on the page included big names such as Cisco, AT&T, Microsoft, Comcast and McDonald’s, as well as financial giants Visa and Mastercard. A number of these firms told CNN Business that they are currently conducting investigations. At least two say they have been affected to some degree.

A Cisco spokesperson told CNN Business on Friday that it had “identified and mitigated affected software in a small number of lab environments and a limited number of employee endpoints.”

Video: US agencies investigating hack of government networks (CNN)

“At this time, there is no known impact to Cisco offers or products,” the spokesperson said. “We continue to investigate all aspects of this evolving situation with the highest priority.”

Microsoft also acknowledged that it was impacted by the hack.

“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries…

Source…