The Colonial Pipeline ransomware attack and the SolarWinds hack were all but inevitable – why national cyber defense is a ‘wicked’ problem — GCN


The ransomware attack on Colonial Pipeline on May 7, 2021, exemplifies the huge challenges the U.S. faces in shoring up its cyber defenses. The private company, which controls a significant component of the U.S. energy infrastructure and supplies nearly half of the East Coast’s liquid fuels, was vulnerable to an all-too-common type of cyber attack. The FBI has attributed the attack to a Russian cybercrime gang. It would be difficult for the government to mandate better security at private companies, and the government is unable to provide that security for the private sector.

Similarly, the SolarWinds hack, one of the most devastating cyber attacks in history, which came to light in December 2020, exposed vulnerabilities in global software supply chains that affect government and private sector computer systems. It was a major breach of national security that revealed gaps in U.S. cyber defenses.

These gaps include inadequate security by a major software producer, fragmented authority for government support to the private sector, blurred lines between organized crime and international espionage, and a national shortfall in software and cybersecurity skills. None of these gaps is easily bridged, but the scope and impact of the SolarWinds attack show how critical controlling these gaps is to U.S. national security.

The SolarWinds breach, likely carried out by a group affiliated with Russia’s FSB security service, compromised the software development supply chain used by SolarWinds to update 18,000 users of its Orion network management product. SolarWinds sells software that organizations use to manage their computer networks. The hack, which allegedly began in early 2020, was discovered only in December when cybersecurity company FireEye revealed that it had been hit by the malware. More worrisome, this may have been part of a broader attack on government…


The SolarWinds hack pokes holes in Defend Forward


In December 2020, the cybersecurity company FireEye discovered a cyber espionage campaign, compromising dozens of government and private organisations in the US.

Orchestrated by subverting the supply chain of the popular IT administration software maker SolarWinds, the operation showcased remarkable ingenuity and precise tradecraft at every step of the “kill chain” to skirt around the phenomenal counterintelligence capabilities of the US. They had no plans to outmatch the strategic cyber offensive might of the US, so the spies tactically blended in with the environment, exploited the “transitive trust” between computers, and used deception to look like routine processes.

Yet, beyond all the technical details, it was the palpable strategic calculus which strikes at the heart of US cyber policy. The SolarWinds hack could potentially upset many of the US’ cyber statecraft initiatives—bolstering national cyber defence in the aftermath of the 2016 electoral interference—which took years to mature.

Widely attributed to the discreet Russian foreign intelligence agency SVR, the intrusion may not be an act of aggression, but it exposes the structural fault lines within US cyber policy.

Exposure of weaknesses in US cyber policy

The American initiatives were based on certain assumptive paradigms, largely driven by legal and political compulsions rather than the operational realities of the domain. Strategies like the US Cyber Command’s (USCYBERCOM) Defend Forward seek to execute pre-emptive, “extraterritorial” cyber operations in an adversary’s own information space— neutralising a potential threat even before it is initiated. The idea behind it is not to undertake such expeditionary manoeuvres in every hostile network, but to make a credible deterrence threat with the selective use of ‘force.’

Defend Forward aimed at establishing firm declaratory thresholds on one hand, while trying to strike a tacit bargain with the adversary in a contested territory on the other. The strategy was based on some broad, sweeping assumptions:

First, that the traditional structures of deterrence by denial and deterrence by punishment remain valid in cyberspace. Second, that cyberspace…


Cyber Security Today, April 23 2021 – More SolarWinds news, UK law will tighten consumer internet device security and a warning to QNAP storage users


Welcome to Cyber Security Today. It’s Friday April 23rd. I’m Howard Solomon, contributing reporter on cybersecurity for


The number of organizations hit after the compromise of SolarWinds’ Orion network monitoring software last year may be more than originally thought. Security company RiskIQ took a closer look at the scheme and found 18 more servers for command and control than investigators first found. These servers would be used to distribute malware to compromised Orion installations. It was thought that of the 18,000 organizations that downloaded the compromised Orion security update perhaps 100 around the world had their systems hacked. But with the discovery that more servers were involved in the scheme there may be more victim organizations. The U.S., Canada and other countries say Russia’s intelligence service is responsible for the Orion compromise.

If your organization is going to create an app for its products, the software had better be secure. According to a security researcher, until recently the app and website for tractor maker John Deere weren’t. The researcher said the vulnerabilities could have exposed data about John Deere customers, including names, addresses, the equipment’s ID number and its vehicle ID number. The company has fixed the vulnerabilities, which it called “code misconfigurations.”

Many internet-connected consumer devices have poor security, including weak default passwords. In an effort to increase the cybersecurity of devices sold in the United Kingdom, the government this week promised new legislation with minimum product security requirements. No consumer-connected product will be allowed to be sold unless it has basic cybersecurity measures. These include a ban on default and easily guessable default passwords, having a way device owners can report vulnerabilities to the manufacturer and stating how long security updates will be available for a product. The government will create an enforcement authority to back up the law. It would apply to almost everything except laptops and…


SolarWinds hacking campaign puts Microsoft in the hot seat


BOSTON (AP) — The sprawling hacking campaign deemed a grave threat to U.S. national security came to be known as SolarWinds, for the company whose software update was seeded by Russian intelligence agents with malware to penetrate sensitive government and private networks.

[Photo: In this Feb. 23, 2021 file photo, SolarWinds CEO Sudhakar Ramakrishna speaks during a Senate Intelligence Committee hearing on Capitol Hill in Washington. The U.S. government is working to draw attention to supply chain vulnerabilities, an issue that received particular attention late last year after suspected Russian hackers gained access to federal agencies and private corporations by sneaking malicious code into widely used software. (Demetrius Freeman/The Washington Post via AP, Pool)]

Yet it was Microsoft whose code the cyber spies persistently abused in the campaign’s second stage, rifling through emails and other files of such high-value targets as then-acting Homeland Security chief Chad Wolf — and hopping undetected among victim networks.



This has put the world’s third-most valuable company in the hot seat. Because its products are a de facto monoculture in government and industry — with more than 85% market share — federal lawmakers are insisting that Microsoft swiftly upgrade security to what they say it should have provided in the first place, and without fleecing taxpayers.

Seeking to assuage concerns, Microsoft this past week offered all federal agencies a year of “advanced” security features at no extra charge. But it also seeks to deflect blame, saying it is customers who do not always make security a priority.

Risks in Microsoft’s foreign dealings also came into relief when the Biden administration imposed sanctions Thursday on a half-dozen Russian IT companies it said support Kremlin hacking. Most prominent was Positive Technologies, which was among more than 80 companies that Microsoft has supplied with early access to data on vulnerabilities detected in its products. Following the sanctions announcement, Microsoft said Positive Tech was no longer in the program and removed its name from a list of participants on its website.

The SolarWinds hackers took full advantage of what George Kurtz, CEO of top cybersecurity firm CrowdStrike, called “systematic weaknesses” in key elements of Microsoft code to mine at least nine U.S. government agencies — the departments of Justice and Treasury, among them — and more than 100 private companies and think tanks, including software and telecommunications providers.

The SolarWinds hackers’ abuse of Microsoft’s identity and access…