Fallout From The SolarWinds Breach Widens

Uploaded on 2021-01-11 in NEWS-Cybersecurity News, FREE TO VIEW

Microsoft say that Britain, along with six other countries have been affected by a suspected Russian hacking attack and has been brought in by clients to assist using its antivirus software. It has been able to map some of the impact of the recently reported, SolarWinds attack. Microsoft has admitted it too had fallen victim to the attack, although it said it had not found “evidence of access to production services or customer data”.

The US Energy Department is the latest agency to confirm it has been breached in what is being described as the worst-ever hack on the United States government. Russian hackers have been monitoring internal email traffic at the US Treasury and Commerce departments, according to some analysts. This is just the beginning. 

The Cybersecurity and Infrastructure Security Agency (CISA) said it has determined that the SolarWinds Orion software vulnerability is not the only way hackers compromised a variety of online networks, warning that in some cases, victims appeared to have been breached despite never using the problematic software.

This will be President-elect Biden’s biggest foreign policy problem that the president-elect has to deal with a a very familiar aspect -  Russia. Moscow’s meddling in the 2016 US presidential election cast a shadow over US politics for four long years. “A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place,” Mr. Biden said, adding, “I will not stand idly by in the face of cyber assaults on our nation.”

British spy chiefs are investigating whether Russian hackers broke into confidential British files. The National Cyber Security Centre (NCSC), part of GCHQ, is examining potential leaks after a hacking group cracked software developed by American business SolarWinds. 

SolarWinds systems are used by the UK Government departments including GCHQ the Ministry of Defence, the Cabinet Office and the Ministry of Justice and other online contents suggests the Home Office is also an active user.

For more than three decades, hackers linked to Moscow are believed to have tried to steal US secrets online. Those breaches of US systems have done much to define how America sees cyber-space, and how it defends itself and they have learnt it is not always possible to stop them. 

The first person to trail foreign hackers taking sensitive US data was not a spy, but an astronomer who was worried about an unpaid $0.75. In 1986, Cliff Stoll looked after the computer networks at his lab. and he noticed someone logging in to use the computer without paying. In the coming months, he would follow their trail and observe the unknown party searching for military-related data. 

In his book, Cuckoo's Egg, Stoll reveals how he eventually traced the login to a group of hackers in Germany, who had sold their access to the KGB, Moscow's intelligence service. 

A decade later, in the mid 1990s, the first major cyber espionage campaign conducted by a state intelligence agency was uncovered. Codenamed Moonlight Maze, some of the details remain classified. But this was a group of highly sophisticated hackers working quietly to steal US military secrets through a backdoor. The hackers took vast amounts of information and, for  defence officials feared they might leave something behind  to sabotage their systems. 

The US investigators were confident they knew who was behind it. The attackers worked 08:00 to 17:00 Moscow time (but never on a Russian holiday) and Russian language was found in the code. Moscow denied everything, and stalled the investigation. 

In 2008, the rogue USB stick loaded with malware - possibly found in a car park on a military base overseas, rocked Washington. It allowed hackers to penetrate classified US military systems which were supposed to be kept offline. It took four months for an analyst to spot the breach at US Central Command and even longer to fix it. It was found to be linked to the same group that was behind Moonlight Maze.  

This shock led directly to the creation of US Cyber Command within the Pentagon - a team set up to protect sensitive networks, but also to hunt adversaries online. In the subsequent years, China has received rather more attention, particularly with regard to stealing commercial secrets, but Russia has remained equally destructive. 

During the 2016 US presidential election, it turned out that not one, but two, Russian intelligence service hacking teams were inside the Democratic party. The team from the foreign intelligence agency, the SVR, stayed undercover, but the military intelligence team from the GRU, known as Fancy Bear  had a different idea. It leaked the material it stole, causing disruption and, arguably, playing a role in shifting the course of the election. The problem was no one had been prepared for this kind of "information operation". 

In the 2020 presidential election, organisations were on their guard for election interference from Russia. But what they didn't realise was that old-fashioned espionage was carrying on unnoticed, with Russian intelligence again believed to be the culprit. Once again Moscow has denied any role.

The SolarWinds operation began in March 2020, if not much earlier and the long term effects will doubtless emerge over time, but right now US federal officials talk of a "grave risk" because of the sheer scale of possible compromise of departments, companies and organisations. But others disagree describing it as an extreme example of what is actually 'routine espionage'. They also say that the US is not just the victim, but also the perpetrator of these type of hacks. The Snowden revelations of 2013 showed that both the US and th UK are effective in the way they monitor and steal secrets from other countries in ways that are no different to China and Russia.  

In cyberspace, the attacker normally has the advantage in finding a new way in before the defender can take protective measure and as long as there are secrets online the most capable spies, especially those from Russia, will be trying to steal them.

Sophisticated attackers will  prioritise surreptitious entrances and exits using hidden backdoors that avoid the wholesale ransacking of computer systems used by less expert criminal groups that serve to alert defenders. 'Quiet' hackers are typically more focused on covering their tracks and such quiet attacks can often be the most effective at gathering specific, sensitive information over a period of months. Indeed, while the details of what was taken and from whom are not yet public, the agencies and companies themselves may not even know for a while.

Cyber security is currently a very difficult job under the best of circumstances and while the US National Security Agency keeps military secrets locked down, civilian agencies don't have the same resources to defend themselves. 

Reuters:      GovUK:      New York Times:      The Verge:     Washington Post:    CNN:   Guardian:

Guardian:     BBC:    BBC:     Telegraph:     

You Might Also Read: 

The Cyber Security Top Ten Power List:

 
« Healthcare Is The Prize Target For Cyber Criminals
WEBINAR: Build An Effective Cloud Threat Intelligence Program In The AWS Cloud »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Arcitura Education

Arcitura Education

Arcitura is a leading global provider of progressive, vendor-neutral IT training and certification programs.

CERT-In

CERT-In

CERT-In is a functional organisation of the Ministry of Information & Electronics Technology, Government of India, with the objective of securing Indian cyber space.

SAI360

SAI360

SAI360 (formerly SAI Global) provide products and services for enterprise risk management including Governance, Risk & Compliance and Digital Risk solutions.

IDnow

IDnow

IDnow is the world’s fastest, most flexible and most secure identity verification platform, delivering instant verification of the identity documents used by 7 billion people.

Shinobi Cyber

Shinobi Cyber

Shinobi Defense System is an integrated security system that absolutely secures information with smart, automatic encryption and protects your endpoints by stopping any unauthorized actions.

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

The Center for Analysis & Investigation of Cyber-Attacks is one of the leading Kazakhstan organisations in the field of information and computer security.

Devel

Devel

Devel is a LATAM cybersecurity company specialized in providing red, blue and purple team services for the financial sector.

Cyberarch Consulting

Cyberarch Consulting

Cyberarch is a security-focused consulting firm. We provide services specializing in information security, digital forensics, penetration testing and cyber security training.

iHLS Startups Accelerator

iHLS Startups Accelerator

iHLS Accelerator is the first startup accelerator in the world in the security and homeland security field.

Nettoken

Nettoken

Nettoken is the first identity management platform designed for everyday internet users, to encourage awareness and control of our ever expanding digital footprint and personal cybersecurity.

Foundries.io

Foundries.io

Foundries.io have built a secure, open source platform for the world's connected devices, and a cloud service to configure this to any hardware and any cloud.

VP Techno Labs

VP Techno Labs

VP Techno Labs is an award-winning cybersecurity firm focusing only cybersecurity to develop cutting edge solutions for emerging business.

ITQ Latam

ITQ Latam

ITQ Latam are specialists in cybersecurity, in a convergent ecosystem of technological solutions in infrastructure, cloud and security networks.

OSP Cyber Academy

OSP Cyber Academy

OSP Cyber Academy are a managed service provider of cyber, information security and data protection training.

Ampsight

Ampsight

Ampsight specializes in enabling cloud integration, securing data, and navigating complications that drive critical-mission success.

Clear Ridge Defense

Clear Ridge Defense

Clear Ridge was founded in April 2015 with the mission and vision to support Joint, Service Cyber Components, and commercial clients in specialized cyber support.