MESSAGE
DATE | 2021-01-29 |
FROM | Ruben Safir
|
SUBJECT | [Hangout - NYLXS] SolarWinds hack deepens
|
TO | Hangout, Rick Moen
https://www.wsj.com/articles/suspected-russian-hack-extends-far-beyond-solarwinds-software-investigators-say-11611921601?mod=hp_lead_pos7
Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say
By Robert McMillan and Dustin Volz
Close to a third of the victims didn’t run the SolarWinds Corp. software initially considered the main avenue of attack for the hackers, according to investigators and the government agency digging into the incident. The revelation is fueling concern that the episode exploited vulnerabilities in business software used daily by millions.
Hackers linked to the attack have broken into these systems by exploiting known bugs in software products, by guessing online passwords and by capitalizing on a variety of issues in the way Microsoft Corp.’s cloud-based software is configured, investigators said.
Approximately 30% of both the private-sector and government victims linked to the campaign had no direct connection to SolarWinds, Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, said in an interview.
The attackers “gained access to their targets in a variety of ways. This adversary has been creative,” said Mr. Wales, whose agency, part of the U.S. Department of Homeland Security, is coordinating the government response. “It is absolutely correct that this campaign should not be thought of as the SolarWinds campaign.”
Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, at a Senate subcommittee hearing in December. Photo: Rod Lamkey - Cnp/Zuma Press
Corporate investigators are reaching the same conclusion. Last week, computer security company Malwarebytes Inc. said that a number of its Microsoft cloud email accounts were compromised by the same attackers who targeted SolarWinds, using what Malwarebytes called “another intrusion vector.” The hackers broke into a Malwarebytes Microsoft Office 365 account and took advantage of a loophole in the software’s configuration to gain access to a larger number of email accounts, Malwarebytes said. The company said it doesn’t use SolarWinds software.
The incident demonstrated how sophisticated attackers could leapfrog from one cloud-computing account to another by taking advantage of little-known idiosyncrasies in the ways that software authenticates itself on the Microsoft service, investigators said. In many of the break-ins, the SolarWinds hackers took advantage of known Microsoft configuration issues to trick systems into giving them access to emails and documents stored on the cloud.
[Video: Biden White House Faces Three Problems From Suspected Russian Hack. A suspected Russian cyberattack of the federal government has breached at least six cabinet-level departments. WSJ’s Gerald F. Seib explains what the hack means for President Joe Biden's national security efforts. Photo illustration: Laura Kammermann (Originally Published Dec. 23, 2020)]
SolarWinds itself is probing whether Microsoft’s cloud was the hackers’ initial entry point into its network, according to a person familiar with the SolarWinds investigation, who said it is one of several theories being pursued.
“We continue to collaborate closely with federal law enforcement and intelligence agencies to investigate the full scope of this unprecedented attack,” a SolarWinds spokesman said in an email.
“This is certainly one of the most sophisticated actors that we have ever tracked in terms of their approach, their discipline and range of techniques that they have,” said John Lambert, the manager of Microsoft’s Threat Intelligence Center.
In December, Microsoft said that the hackers who targeted SolarWinds had accessed its own corporate network and viewed internal software source code—a lapse of security but not a catastrophic breach, according to security experts. At the time, Microsoft said it had “found no indications that our systems were used to attack others.”
The hack will take months or more to fully unravel and is raising questions about the trust that many companies put in their technology partners. The U.S. government has publicly blamed Russia, which has denied responsibility.
The data breach has also undermined some of the pillars of modern corporate computing, in which companies and government offices entrust myriad software vendors to run programs remotely in the cloud or to access their own networks to provide updates that enhance performance and security.
Now corporations and government agencies are grappling with the question of how much they can truly trust the people who build the software they use.
“Malwarebytes relies on 100 software suppliers,” said Marcin Kleczynski, the security company’s chief executive. “How do I know that Zoom or Slack isn’t next and what do I do? Do we start building software in-house?”
Malwarebytes CEO Marcin Kleczynski in 2014. Photo: Gary Reyes/TNS/Zuma Press
The attack surfaced in December, when security experts discovered hackers inserted a backdoor into updates to SolarWinds’ software, called Orion, which was used widely across the federal government and by a swath of Fortune 500 companies. The scope and sophistication of the attack surprised investigators almost the moment they began their probe.
SolarWinds has said that it traced activity from the hackers back to at least September 2019, and that the attack gave the intruders a digital back door into as many as 18,000 SolarWinds customers.
Mr. Wales of the Cybersecurity and Infrastructure Security Agency said some victims were compromised before SolarWinds deployed the corrupted Orion software about a year ago.
The departments of Treasury, Justice, Commerce, State, Homeland Security, Labor and Energy all suffered breaches. In some cases hackers accessed the emails of those in senior ranks, officials have said. So far, dozens of private-sector institutions have also been identified as compromised in the attack, Mr. Wales said, adding that the total is well under 100.
Investigators have tracked the SolarWinds activity by identifying the tools, online resources and techniques used by the hackers. Some U.S. intelligence analysts have concluded that the group is tied to Russia’s foreign intelligence service, the SVR.
Mr. Wales said his agency isn’t aware of cloud software other than Microsoft’s targeted in the attack. And investigators haven’t identified another technology company whose products were broadly compromised to infect other organizations the way SolarWinds was, he said.
The effort to target Microsoft’s cloud software shows the breadth of hackers’ efforts to steal sensitive data. Microsoft is the world’s largest business software provider, and its systems are widely used by corporations and government agencies.
“There are lots and lots of different ways into the cloud,” said Dmitri Alperovitch, executive chairman of the Silverado Policy Accelerator, a cybersecurity think tank. Because so many companies have moved to the Microsoft 365 cloud in recent years, it “is now one of the top targets,” he said.
Another security company that doesn’t use the SolarWinds software, CrowdStrike Inc., said the same attackers unsuccessfully tried to read its email by taking control of an account used by a Microsoft reseller that it worked with. The hackers then attempted to use that account to access CrowdStrike’s email.
In December, Microsoft notified both CrowdStrike and Malwarebytes that the SolarWinds hackers had targeted them. Microsoft said then that it had identified more than 40 customers hit by the attack. That number has since increased, said a person familiar with Microsoft’s thinking.
When the SolarWinds hack was first uncovered, current and former national security officials quickly concluded it was one of the worst breaches on record—an intelligence coup that went undetected for several months or longer that allowed suspected Russian spies access to internal emails and other files in several government agencies.
As investigators have learned more about the scope of the hack and its reach beyond SolarWinds, officials and lawmakers have begun to speak about it in even more dire terms. Last week, President Joe Biden instructed his director of national intelligence, Avril Haines, to conduct a review of Russian aggression against the U.S., including the SolarWinds hack.
“This is the greatest cyber intrusion, perhaps, in the history of the world,” Sen. Jack Reed, a Democrat, said earlier this month during a confirmation hearing for Ms. Haines.
Avril Haines at her confirmation hearing before the Senate Intelligence Committee earlier this month. Photo: Joe Raedle - Pool Via Cnp/Zuma Press
Mr. Wales said that the hacking operation was “substantially more significant” than a previous hacking spree against cloud providers, known as Cloud Hopper and linked to the Chinese government, widely considered to be one of the largest-ever corporate espionage efforts. The hackers in this campaign have been able to compromise core infrastructure of government and private sector victims in a way that dwarfs that attack, Mr. Wales said.
Investigators still believe the primary purpose of the hacking campaign, which the government has said is ongoing, is to glean information by spying on federal agencies and high-value corporate networks—or compromise other technology companies whose access could lead to follow-on attacks.
“We continue to maintain that this is an espionage campaign designed for long-term intelligence collection,” Mr. Wales said. “That said, when you compromise an agency’s authentication infrastructure, there is a lot of damage you could do.”
Write to Robert McMillan at Robert.Mcmillan-at-wsj.com and Dustin Volz at dustin.volz-at-wsj.com
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved.
--
So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www.brooklyn-living.com
Being so tracked is for FARM ANIMALS and extermination camps, but incompatible with living as a free human being. -RI Safir 2013