Tag Archive for: scramble

Victims of Microsoft hack scramble to plug security holes


Victims of a massive global hack of Microsoft email server software — estimated in the tens of thousands by cybersecurity responders — hustled Monday to shore up infected systems and try to diminish chances that intruders might steal data or hobble their networks.

The White House has called the hack an “active threat” and said senior national security officials were addressing it.

The breach was discovered in early January and attributed to Chinese cyber spies targeting U.S. policy think tanks. Then in late February, five days before Microsoft issued a patch on March 2, there was an explosion of infiltrations by other intruders, piggybacking on the initial breach. Victims run the spectrum of organizations that run email servers, from mom-and-pop retailers to law firms, municipal governments, health care providers and manufacturers.

While the hack doesn’t pose the same kind of national security threat as the more sophisticated SolarWinds campaign, which the Biden administration blames on Russian intelligence officers, it can be an existential threat for victims who didn’t install the patch in time and now have hackers lingering in their systems. The hack poses a new challenge for the White House, which, even as it prepares to respond to the SolarWinds breach, must now grapple with a formidable and very different threat from China.

“I would say it’s a serious economic security threat because so many small companies out there can literally have their business destroyed through a targeted ransomware attack,” said Dmitri Alperovitch, former chief technical officer of the cybersecurity firm CrowdStrike.

He blames China for the global wave of infections that began February 26, though other researchers say it’s too early to confidently attribute them. It’s a mystery how those hackers got wind of the initial breach because no one knew about this except a few researchers, Alperovitch said.

After the patch was released, a third wave of infections began, a piling on that typically occurs in such cases because Microsoft dominates the software market and offers a single point of attack.

Cybersecurity analysts trying to pull together a complete picture of the hack said their…


Cyber Experts Scramble to Assess Scope of ‘Hack of a Decade’



US government cyber experts are furiously working in secure offices around the world, scouring computer traffic to find out which federal systems have been invaded in the sweeping cyber-espionage attack that the FBI warned this week is “important and ongoing.” Suspected Russian hackers have broken into sensitive US government computer networks, from the Pentagon to the Department of Energy, as well as US private companies, poking around and likely reading emails and collecting data.

The Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security called the attack, which began in March or possibly sooner, “a serious risk” to the US government. Experts from both the government and US private companies compromised in the attack are taking entire sections of their computer networks offline or quarantining them for a deeper forensic dive to find out what was copied or taken, and whether the hackers left behind malware code.

The hackers used a little-known but widely used software program called Orion, created by cyber company SolarWinds, whose client list includes the Office of the US President, the Pentagon, NASA, NSA, all five branches of the US military, and most of the Fortune 500 companies, including the ten largest US communications companies.

The Austin, Texas-based company then deleted its customer list from its website and reported that the hack may have affected some 18,000 customers. The company says it “has been informed that the nature of this attack indicates that it may have been carried out by an outside nation-state” and is encouraging customers to update their systems to remove the threat. The company did not immediately respond to the request for comment. CISA referred to the attackers as “a patient, well-resourced and focused adversary,” adding that the Orion software vulnerability was not the only way they attacked, but refused to share further details.

Since it was first reported by Reuters Sunday, the known size of the hack has been growing every day. So far, government agencies, including the Ministries of Trade and Energy, are among those confirmed to be…


The Morning Download: Quantum Computing Will Scramble Cyber Warfare, Hayden Says

  1. The Morning Download: Quantum Computing Will Scramble Cyber Warfare, Hayden Says  Wall Street Journal (blog)
