Why the Russian hack is so important, and why it is close to the worst case

It is not often that the United States Treasury Department and Iowa State University are dealing with the same security problem.

Such is the breadth of what is known as the SolarWinds hack, named after the Texas-based company whose software was used as a platform for espionage operations, that experts say we are only beginning to understand who was affected and what was stolen. The Treasury is trying to find out how many senior officials’ email accounts were monitored. Iowa State University has taken servers offline to investigate whether the hackers got into them.

Around the world, at least hundreds, and possibly thousands, of organizations – companies, schools, think tanks and, most notably, every major government agency – are working feverishly to find out whether they were affected by the suspected Russian hacking campaign and, if so, how much access the hackers had.

It is not rare for companies or government agencies to suffer security breaches. The campaign has been compared to the 2014 hack of the US Office of Personnel Management, attributed to China, an agency that stores the personal information of almost all government employees, including undercover agents. But experts say the SolarWinds hack is unique in its scope, possibly the largest espionage operation against America in history – and it went on for nine months without being detected.

“The point is, we don’t know how big it is, and at the same time it may be the largest yet,” said Sergio Caltagirone, vice president of threat intelligence at the cybersecurity firm Dragos, which is currently helping industrial and manufacturing companies deal with the hacking operation and its consequences.

Only a handful of organizations, including the cybersecurity company FireEye and three US federal agencies – the Departments of Commerce, Energy and the Treasury – have acknowledged being seriously affected so far. But the cybersecurity industry is aware of “a little over 200” compromises, Caltagirone said, a number that is all but guaranteed to grow.

“Most organizations still lack the basic visibility to even assess whether they were compromised,” Caltagirone said. “We know that we are going through the victims here. We know that for a fact.”

The campaign is so extensive because the hackers pulled off a textbook case of a “supply-chain attack”. Instead of breaking into individual organizations, many of which have strong cybersecurity measures in place, the hackers – widely believed to be Russia’s SVR intelligence agency, though most Trump administration officials have so far only publicly pointed a finger at Russia in general – compromised SolarWinds, a company based in Austin, Texas, with a huge customer base.

Unlike some of Russia’s other agencies, like the FSB, accused of poisoning Russian dissidents, or the GRU, which hacks Russia’s opponents and leaks what it finds, the SVR is known for its long-term intelligence operations.

SolarWinds provides software that helps large organizations manage their computer networks, and is therefore routinely allowed to operate inside those networks without raising alarms. In March, the hackers inserted malicious code into the company’s regular software updates, according to the company and a government investigation, creating a potential backdoor into any of the company’s thousands of customers.

While the question of who was affected is still open, SolarWinds said in an SEC filing that it had informed its 33,000 customer organizations about the infected software, and could only narrow the number of suspected actual victims to fewer than 18,000.

Although SolarWinds has released an update to its software, the hackers had a nine-month head start, so they probably created additional entry points into victims’ networks, said Neil Jenkins, chief analytic officer at the Cyber Threat Alliance, a cybersecurity industry group, and a former senior cybersecurity official at the Department of Homeland Security.

“As soon as you get into a network, you’re going to set up other possible backdoors and ways to get in if you’re locked out of the original way,” Jenkins said. “So just because you’ve stopped the SolarWinds infiltration doesn’t mean you’ve solved the problem.”

The category of victims also extends beyond SolarWinds’ extensive customer base. The US Cybersecurity and Infrastructure Security Agency (CISA), which is spearheading the federal government’s technical response to the hacking campaign, has warned that the same hackers may have infected victims by means other than SolarWinds.

The hackers’ lead time and exceptional access to networks mean that affected organizations must choose between two unpleasant options: spend significant resources combing through their computers in the hope of wiping out every foothold the hackers established, or rebuild their networks from scratch, said Suzanne Spaulding, a former head of CISA and currently director of the Defending Democratic Institutions project at the Center for Strategic and International Studies think tank.

“I think we will be trying to find out the full scope and scale for at least months,” Spaulding said. “And trying to recover for at least months, trying to get the adversary out or abandon the ship and rebuild safely.”

“It’s not an adversary that goes away on being found out,” she said. “They fight to maintain their persistent presence, and for a while, I think, we are going to be at war.”
