Tag Archive for: SolarWinds

SolarWinds Hackers Also Went After NASA and the FAA



Apparently not content with having penetrated the networks of such piddling federal agencies as the U.S. State Department, the Department of Homeland Security, and that agency that maintains our nuclear stockpile, the hackers of the “SolarWinds” affair also went after NASA and the Federal Aviation Administration, according to a new report from the Washington Post.

The report comes shortly after a briefing last week when White House national security adviser Anne Neuberger explained that approximately 100 different companies and a total of nine federal agencies had been successfully “compromised” by foreign hackers. The foreign intrusion campaign (likely “Russian in origin,” as officials have put it) is thought to be the largest in U.S. history.

The Neuberger update was the first official tally provided by the Biden administration on the extent to which government networks had been breached. At the time of her comments, all but two of those nine agencies had already been outed as targets (they include: the State Department, DHS, and the Departments of Energy, Justice, Commerce, Treasury, and the National Institutes of Health). Now, the Washington Post seems to have identified the stragglers. Per the paper’s report:

Last week, Neuberger said the government found that computer systems at nine federal agencies were compromised. She did not name them, but The Post has confirmed the identities with U.S. officials. They include NASA and the Federal Aviation Administration, which have not previously been publicly identified.

It is unknown what kind of access the hackers may have had to either agency. However, officials have said that, in instances where the government was breached, all data that was stolen was unclassified and that operational systems were never accessed. NASA reportedly told the newspaper that they continue to work with the U.S. cyber agency CISA on “mitigation efforts to secure NASA’s data and network.” We have reached out to both NASA and the FAA for comment and will update if they respond.

The revelations add little to the overall “SolarWinds” narrative, but underline the scope of the intel-gathering operations…


Biden Likely to Take Executive Action on SolarWinds Hack


(TNS) — President Joe Biden is likely to address the various security gaps that led to the SolarWinds hack that has thus far exposed at least nine U.S. federal agencies and about 100 U.S. companies, Anne Neuberger, the White House deputy national security adviser for cyber and emerging technology, said Wednesday.

“We are working on close to about a dozen things; likely eight will pass. They’ll be part of an upcoming executive action to address the gaps we’ve identified in our review of this incident,” Neuberger said at her first White House briefing since being named to coordinate the U.S. government response to the hack.

Those actions are part of a three-step process to find and remove malware, fix gaps in security and design a response, Neuberger said.

Cybersecurity experts have said the hack is one of the most devastating cyberattacks ever perpetrated. Russian intelligence agency hackers are said to have gained access to servers belonging to network computer management software maker SolarWinds and inserted malware into the software that was then downloaded by at least 18,000 customers of the company, including U.S. government agencies and Fortune 500 companies.

The cleanup effort could take months and could identify more victims, even as new attacks emerge, Neuberger said.

“The scale of the potential access far exceeded the number of known compromises,” she said. “Many of the private sector compromises are technology companies, including networks of companies whose products could be used to launch additional intrusions.

“We believe we’re in the beginning stages of understanding the scope and scale, and we may find additional compromises,” she said.

Files, emails and other material on the networks of companies and agencies that have been affected may be compromised, and the investigation underway…


How the SolarWinds hack and COVID-19 are changing cybersecurity spending


Top security pros say the SolarWinds hack and the COVID-19 pandemic have accelerated a change in their cybersecurity spending patterns.

Not only must chief information security officers secure an increasingly distributed workforce, but they now must also be wary of software code coming from reputable vendors, including the very patches designed to protect them against cyberattacks. Organizations are increasingly prioritizing zero-trust approaches, including simplified identity access management, better endpoint protection and cloud security. And while leading solutions in these sectors are gaining momentum, traditional legacy offerings are being managed down from a spending perspective.

In this Breaking Analysis, we’ll summarize CISO sentiments from a recent Enterprise Technology Research VENN session and provide our quarterly update of the cybersecurity market. In an upcoming episode we’ll be inviting Erik Bradley of ETR to provide deeper analysis on these trends. Here we’ll give you a first look and initial reading of what’s happening in the information security sector as we kick off 2021.

SolarWinds attack: ‘Like nothing we’ve ever seen’

It’s been covered in the press but in case you don’t know the details, SolarWinds is a company that provides software to monitor many aspects of on-premises infrastructure, including network performance, log files, configuration data, storage, servers and the like. Like all software companies, SolarWinds sends out regular updates and patches. Hackers were able to infiltrate the update and “trojanize” the software — meaning when customers installed the updates, the malware just went along for the ride.

The reason this is so insidious is that often hackers will target installations that haven’t installed patches or updates and identify vulnerabilities in the infrastructure that exist as a result. In this case, the very code designed to protect organizations actually facilitated a breach. According to experts, this was quite a sophisticated attack with multiple variants that most believe was perpetrated by the Russian hacker group Cozy Bear, an advanced persistent threat or APT as classified by the U.S….


US Court system demands massive changes to court documents after SolarWinds hack


Multiple senators have demanded a hearing on what court officials know about the hackers’ access to sensitive filings. The effects could make accessing documents harder for lawyers.


The House Homeland Security Committee held its first hearings this week on the devastating SolarWinds attack that gave Russian hackers months-long access to critical US government departments. But senators are now demanding more information about the attackers’ infiltration of the US court system, which has already been forced to make changes in how documents are filed as a result of the attack.


Last month, director of the Administrative Office of the U.S. Courts James Duff sent a letter addressed to “All United States Judges” that admitted the Case Management/Electronic Case Filing system, which holds some of the most sensitive documents held by the government, had been breached. He said the hack risked “compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings.”

“Certain sealed filings in CM/ECF, however, contain sensitive non-public information that, if obtained without authorization and improperly released, could cause harm to the United States, the Federal Judiciary, litigants, and others. Your immediate action is needed to mitigate this apparent compromise and reduce the risk of future compromises of confidential court filings,” Duff wrote, asking all courts to “issue a standing or general order or adopt some other equivalent procedure requiring that highly sensitive documents (HSDs) will be accepted for filing only in paper form or via a secure electronic device.”

“Highly sensitive documents should be stored in a secure paper filing system or a secure standalone computer system that is not connected to any network, particularly the internet. The AO will provide courts with model language for a standing or…
