Tag Archive for: SolarWinds

The Cybersecurity 202: Congressional scrutiny heats up of government response to the SolarWinds hack


Russian actors were able to exploit a vulnerability in SolarWinds products and other software to infiltrate the networks of at least eight government agencies and potentially thousands of other companies and governments around the world.

Testifying before the panel will be former cybersecurity officials Chris Krebs, Sue Gordon and Michael Daniel as well as cybersecurity expert Dmitri Alperovitch.

Lawmakers will be looking for answers as to why, despite significant investments in federal network security, Russians managed to lurk unnoticed in government systems for months. Lawmakers are working with other key committees to learn more about the campaign, Thompson says.

Also likely to come up is a recent hack of a Florida town’s water supply, a committee spokesperson said. The attempted poisoning of the water supply by a hacker has raised alarm about serious vulnerabilities in U.S. critical infrastructure.

“Today we will be discussing what I hope will be a bipartisan endeavor making cyberspace more secure and networks more resilient,” Thompson said in a statement to The Cybersecurity 202. “Thankfully, after four years, Congress now has a willing and able cybersecurity partner in the White House. I am optimistic about the progress we can make, but we must work quickly to make up for lost time.”

Other cybersecurity leaders in Congress are cranking up pressure on Biden to better coordinate investigative efforts.

Leaders of the Senate Intelligence Committee say President Biden’s intelligence leaders need to get their act together when it comes to coordinating a response to the attack.

“The briefings we have received convey a disjointed and disorganized response to confronting the breach,” Sen. Mark R. Warner (D-Va.), chairman of the Senate Select Committee on Intelligence, and vice chair Sen. Marco Rubio (R-Fla.) wrote to agency leaders. “Taking a federated rather than a unified approach means that critical tasks that are outside the central roles of your respective agencies are likely to fall through the cracks.”

The pair urged the agencies to pick a leader who has the authority to coordinate the response, set priorities, and direct resources to where they are…


Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency


By Christopher Bing, Jack Stubbs, Raphael Satter and Joseph Menn



Photo: SolarWinds Corp. banner hangs on the company’s IPO at the NYSE in New York. (Reuters/Brendan McDermid)

WASHINGTON (Reuters) – Suspected Chinese hackers exploited a flaw in software made by SolarWinds Corp to help break into U.S. government computers last year, five people familiar with the matter told Reuters, marking a new twist in a sprawling cybersecurity breach that U.S. lawmakers have labeled a national security emergency.



Photo: Exterior view of SolarWinds headquarters in Austin. (Reuters/Sergio Flores)

Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised.


The software flaw exploited by the suspected Chinese group is separate from the one the United States has accused Russian government operatives of using to compromise up to 18,000 SolarWinds customers, including sensitive federal agencies, by hijacking the company’s Orion network monitoring software.

Security researchers have previously said a second group of hackers was abusing SolarWinds’ software at the same time as the alleged Russian hack, but the suspected connection to China and ensuing U.S. government breach have not been previously reported.

Reuters was not able to establish how many organizations were compromised by the suspected Chinese operation. The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies.

The Chinese foreign ministry said attributing cyberattacks was a “complex technical issue” and any allegations should be supported with evidence. “China resolutely opposes and combats any form of cyberattacks and cyber theft,” it said in a statement.

SolarWinds said it was aware of a single customer that was compromised by the second set of hackers but that it had “not found anything…


Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say



Almost a third of the victims did not use the SolarWinds Corp. software initially considered the main attack route for the hackers, according to investigators and the government agency that looked into the incident. The revelation sparks concerns that the episode exploited vulnerabilities in enterprise software used by millions every day.


Hackers linked to the attack have broken into these systems by exploiting known bugs in software products, guessing passwords online, and taking advantage of a variety of issues in the way Microsoft Corp.’s cloud-based software has been configured, according to the researchers.

About 30% of both private and government victims linked to the campaign had no direct affiliation with SolarWinds, Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, said in an interview.

The attackers “gained access to their targets in various ways. This adversary has been creative,” said Mr. Wales, whose agency, part of the United States Department of Homeland Security, is coordinating the government’s response. “It is absolutely correct that this campaign should not be viewed as the SolarWinds campaign.”

Photo: Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, at a Senate subcommittee hearing in December. (Rod Lamkey / CNP / Zuma Press)

Company investigators have come to the same conclusion. Last week, computer security company Malwarebytes Inc. said that some of its Microsoft cloud email accounts were compromised by the same attackers who attacked SolarWinds, using what Malwarebytes called “another intrusion vector.” The hackers broke into a Malwarebytes Microsoft Office 365 account and took advantage of a loophole in the software’s configuration to access a greater number of email accounts, Malwarebytes said. The company said it does not use SolarWinds software.

The incident showed how advanced attackers could jump from one cloud…


After the SolarWinds Hack, We Have No Idea What Cyber Dangers We Face


Months before insurgents breached the Capitol and rampaged through the halls of Congress, a stealthier invader was muscling its way into the computers of government officials, stealing documents, monitoring e-mails, and setting traps for future incursions. Last March—if not before, as a report by the threat-intelligence firm ReversingLabs suggests—a hacking team, believed to be affiliated with Russian intelligence, planted malware in a routine software upgrade from a Texas-based I.T. company called SolarWinds, which provides network-management systems to more than three hundred thousand clients. An estimated eighteen thousand of them downloaded the malware-ridden updates, which were embedded in a SolarWinds product called Orion. Once they did, the hackers were able to roam about customers’ networks, undetected, for at least nine months. “This threat actor has demonstrated sophistication and complex tradecraft in these intrusions,” the Cybersecurity and Infrastructure Security Agency (CISA) wrote, in its assessment of the breach. “CISA expects that removing the threat actor from compromised environments will be highly complex and challenging.” CISA, which is part of the Department of Homeland Security, is a SolarWinds client. So is the Pentagon, the Federal Bureau of Investigation, and U.S. Cyber Command.

By now, hacking has become so routine that it’s hardly remarkable. Each morning, I wake up to an e-mail from the cybersecurity firm Recorded Future, listing the hacking groups and targets that its algorithms have uncovered in the previous twenty-four hours. The hackers have cute names, such as Lizard Squad and Emissary Panda. Their targets are a mix of commercial businesses—such as Sony and Lord & Taylor—and government sites, including those of the State Department, the White House, the Air Force, and the Securities and Exchange Commission. Most days, I also get an alert from M.S.-ISAC, the Multi-State Information Sharing and Analysis Center, the real-time threat-reporting division of the nonprofit Center for Internet Security, disclosing newly discovered vulnerabilities. There is never a day when there aren’t numerous attacks and multiple software systems…
