Tag Archive for: SolarWinds

SolarWinds hackers could have been halted by simple security measure – report


Meanwhile the US Securities and Exchange Commission (SEC) has opened a probe into the breach, focusing on whether some companies failed to disclose that they had been affected by the unprecedented hack, two persons familiar with the investigation said.

The SEC sent investigative letters late last week to a number of public issuers and investment firms seeking voluntary information on whether they had been victims of the hack and failed to disclose it, said the persons, speaking under the condition of anonymity to discuss confidential investigations.

The agency is also seeking information on whether public companies that had been victims had experienced a lapse of internal controls, and related information on insider trading.

The agency is also looking at the policies at certain companies to assess whether they are designed to protect customer information, one of the people said.

The SEC’s press office declined to comment.

A spokesperson for SolarWinds said in a statement: “Our top priority since learning of this unprecedented attack by a foreign government has been working closely with our customers to understand what occurred and remedy any issues.”

The company was also “collaborating with government agencies in a transparent way,” the statement said.

US securities law requires companies to disclose material information that could affect their share prices, including cyber breaches, although cyber security disclosure failures are still relatively new enforcement territory for the SEC.

If the issuers and investment firms respond to the letters by disclosing details about the breaches, they would not be subject to enforcement actions related to historical failures, including internal accounting control failures, the people said.

While the letters are focused on the SolarWinds breach, the SEC may develop future policies on the impact of cyber security issues on the markets and on investors, the people said.

REUTERS


SolarWinds hackers could have been deterred by simple security measures, officials say


Implementing basic security measures could have helped deter or minimise the massive SolarWinds hack that enabled threat actors to compromise at least nine government agencies and hundreds of private firms.

In a letter sent to Senator Ron Wyden earlier this month, US Cybersecurity and Infrastructure Security Agency (CISA) acting director Brandon Wales acknowledged that firewalls placed in computer networks of victim organisations could have helped block the malware used in the SolarWinds attack.

“CISA agrees that a firewall blocking all outgoing connections to the internet would have neutralised the malware,” Wales wrote, according to The Hill.

In February, Wyden contacted CISA with a list of queries about the agency’s ability to spot zero-day exploits and other malicious network activity using its $6 billion EINSTEIN sensor system. Wyden asked why CISA had failed to detect network traffic that enabled hackers to install a corrupted SolarWinds update package and send additional payloads to compromised systems.

The SolarWinds hack was disclosed in December after the US Treasury Department and the US Department of Commerce’s National Telecommunications and Information Administration (NTIA) were found to have been compromised in a massive cyber campaign.

The attackers were able to breach networks after compromising SolarWinds’ network monitoring software Orion, which was widely used by various government departments and private companies.

The hackers inserted malicious code into legitimate software updates for the Orion software, which allowed them remote access into the victim’s environment.

The White House blamed Russia for the intelligence coup and sanctioned several Russian officials and organisations in April. Russia has denied the allegations, saying it had no involvement in the hack.

According to Wales, the malware deployed by hackers would have been neutralised had victims set up their firewalls to block all outbound connection attempts from the servers running SolarWinds.

Several targeted organisations that had properly configured their firewalls were able to block outbound connections, with no “follow-on exploitation,” Wales said.

According to Wyden’s office, SolarWinds…


Cyber agency says SolarWinds hack could have been deterred by simple security measures


The SolarWinds hack, one of the largest cybersecurity incidents in U.S. history, may have been deterred or minimized if basic security measures had been put in place, a top government official acknowledged earlier this month.





© The Hill

In a June 3 letter to Sen. Ron Wyden (D-Ore.) provided to The Hill on Monday, Cybersecurity and Infrastructure Security Agency (CISA) acting Director Brandon Wales agreed with Wyden’s question over whether firewalls placed in victim agency systems could have helped block the malware virus used in the SolarWinds attack.

“CISA agrees that a firewall blocking all outgoing connections to the internet would have neutralized the malware,” Wales wrote.

He stressed, however, that while the agency “did observe victim networks with this configuration that successfully blocked connection attempts and had no follow-on exploitation, the effectiveness of this preventative measure is not applicable to all types of intrusions and may not be feasible given operational requirements for some agencies.”

Wales said that CISA does not have numbers on how many federal agencies were segmenting and segregating their networks, a key security guideline the agency has long recommended as a way to prevent hackers from moving through sensitive networks.

He also emphasized that CISA is making “urgent improvements” to increase its understanding of cyber threats to federal networks, including using some of the $650 million included in the American Rescue Plan Act to move security protections inside of agency networks instead of just guarding the perimeters.

“We must ensure the development of a modern cybersecurity governance structure and capabilities,” Wales wrote. “We need cybersecurity tools and services that provide us a better chance of detecting the most sophisticated attacks. And we need to rethink our approach to managing cybersecurity across 101 Federal Civilian Executive Branch agencies.”

Reuters first reported the letter and its findings Monday.


Biggest Cyber attack just got public | solarwinds | fireEye