Tag Archive for: responses

New York Department Of Financial Services Questions Its Regulated Entities On Responses To And Lessons Learned From The SolarWinds Cyberattack – Technology

In December 2020, a cybersecurity company alerted the world to a
major cyberattack against the U.S. software development company,
SolarWinds, through the company’s Orion software product
(“SolarWinds Attack”). The SolarWinds Attack went
undetected for months, as it has been reported that the hackers
accessed the source code for Orion as early as March
2020.1 Orion is widely used by companies to manage
information technology resources, and according to SolarWinds Form
8-K filed with the Securities and Exchange Commission, SolarWinds
had 33,000 customers that were using Orion as of December 14,

It is alleged that the SolarWinds Attack was one part of a
widespread, sophisticated cyber espionage campaign by Russian
Foreign Intelligence Service actors which focused on stealing
sensitive information held by U.S. government agencies and
companies that use Orion.2 The hack was perpetuated
through SolarWinds sending its customers routine system software
updates.3 SolarWinds unknowingly sent out software
updates to its customers that included the hacked code that allowed
the hackers to have access to customer’s information technology
and install malware that helped them to spy on SolarWinds’
customers, including private companies and government entities,
thereby exposing up to 18,000 of its customers to the

The New York Department of Financial Services (“DFS”)
alerted DFS-regulated entities of the SolarWinds Attack on December
18, 2020 through the “Supply Chain Compromise
Alert.”4 The Supply Chain Compromise Alert included
guidance from the U.S. Department of Homeland Security’s
Cybersecurity and Infrastructure Security Agency, SolarWinds, and
other sources, and reminded the regulated entities of their
obligations under the New York Cybersecurity Regulation
(“Cybersecurity Regulation”), adopted in 2017, which
requires DFS-regulated entities, including New York banks,
insurance companies and producers and other financial services
firms, to develop a comprehensive cybersecurity program, implement
specific cybersecurity controls, assess cybersecurity risks posed
by third-party service providers, and notify the DFS of


SolarWinds hack: US weighs ‘seen and unseen’ responses to major cyber attack

The White House is in “the closing stages” of deciding how to respond to a hack that compromised popular software by Texas-based SolarWinds Corp., according to Jake Sullivan, President Joe Biden’s national security adviser.

Sullivan said the US is considering “seen and unseen” responses to the attack, suspected of being carried out by Russian hackers and affecting at least 100 US companies and nine federal agencies.

“We’re in the closing stages of that process with options that will be presented at the highest levels here,” Sullivan said in an interview with Bloomberg News.

While Sullivan declined to elaborate, the US response could include sanctions, expelling Russian diplomats, indicting the suspected hackers or some kind of covert cyber retaliation against Russia. However, there’s growing frustration among lawmakers that those methods — used in response to previous hacks — haven’t deterred US adversaries from attacking its computer networks.

The administration continues to be focused intensively on remediation, Sullivan said. “Meaning, making sure that we’ve address the vulnerabilities of federal networks in particular,” Sullivan said.

The breach — along with another of Microsoft Corp.’s Exchange email software — is an early test for Biden and his cybersecurity team.

In December, cybersecurity analysts discovered a sprawling espionage campaign in which hackers compromised SolarWinds software, inserting malicious code into updates. As many as 18,000 customers received the malicious updates, though far fewer were targeted for follow-on attacks by the suspected Russian hackers.

This month, Microsoft revealed that suspected Chinese hackers exploited flaws in the code of Exchange to breach customer email systems. Cybersecurity experts say the attack had tens of thousands of victims.

The administration is working with Microsoft to encourage customers to patch their systems, and the nine compromised federal agencies are supposed to complete internal reviews of the breaches this month.


Charges From Botched Data Breach Responses Put the Heat on Corporate Execs | The Legal Intelligencer – Law.com

Charges From Botched Data Breach Responses Put the Heat on Corporate Execs | The Legal Intelligencer  Law.com
“data breach” – read more

Pick your poison: The potential Iranian responses to US drone strike

TEHRAN, IRAN - (ARCHIVE): A file photo dated September 18, 2016 shows Iranian Revolutionary Guards' Quds Force commander Qasem Soleimani during Iranian Supreme Leader Ayatollah Ali Khamenei's meeting with Revolutionary Guards, in Tehran, Iran.

Enlarge / TEHRAN, IRAN – (ARCHIVE): A file photo dated September 18, 2016 shows Iranian Revolutionary Guards’ Quds Force commander Qasem Soleimani during Iranian Supreme Leader Ayatollah Ali Khamenei’s meeting with Revolutionary Guards, in Tehran, Iran. (credit: Anadolu Agency / Getty Images)

The assassination by missile last night of Iranian Revolutionary Guard Corps Quds Force commander Major General Qasem Soleimani and four other senior Iranian officers has triggered vows of revenge from Iran’s Supreme Leader and other members of Iran’s leadership. Those vows have raised concerns about both physical and electronic attacks by Iran against the US and other targets—including an expansion of the already noted broadening attempts at cyber attacks by Iranian state-sponsored hackers.

A Department of Defense spokesperson said in a statement on the attack, “At the direction of the President, the US military has taken decisive defensive action to protect US personnel abroad by killing Qasem Soleimani… General Soleimani was actively developing plans to attack American diplomats and service members in Iraq and throughout the region.”

The attack, apparently launched from a drone against Soleimani’s motorcade as it left Baghdad International Airport, also is reported to have killed Abu Mahdi al-Muhandis, the leader of Iraq’s Kata’ib Hezbollah militia—the force the US blamed for a December 27, 2019 rocket attack on a Peshmerga-operated base that killed a US contractor and wounded several US soldiers there as part of a training operation. Soleimani was alleged by the Defense Department’s spokesperson to have orchestrated that attack, as well as the protest and assault on the US Embassy in Baghdad this week.

Read 7 remaining paragraphs | Comments

Biz & IT – Ars Technica