MESSAGE
| DATE | 2021-01-29 |
| FROM | Ruben Safir
|
| SUBJECT | Subject: [Hangout - NYLXS] Solarwidns hack deepens
|
From hangout-bounces-at-nylxs.com Fri Jan 29 08:49:34 2021
Return-Path:
X-Original-To: archive-at-mrbrklyn.com
Delivered-To: archive-at-mrbrklyn.com
Received: from www2.mrbrklyn.com (www2.mrbrklyn.com [96.57.23.82])
by mrbrklyn.com (Postfix) with ESMTP id B611C163FE6;
Fri, 29 Jan 2021 08:49:33 -0500 (EST)
X-Original-To: hangout-at-nylxs.com
Delivered-To: hangout-at-nylxs.com
Received: from [10.0.0.62] (www.mrbrklyn.com [96.57.23.83])
by mrbrklyn.com (Postfix) with ESMTP id ED8FA163FCB;
Fri, 29 Jan 2021 08:49:30 -0500 (EST)
To: Hangout , Rick Moen
From: Ruben Safir
Message-ID: <16932547-8313-207a-a675-073886f54847-at-mrbrklyn.com>
Date: Fri, 29 Jan 2021 08:48:24 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
Thunderbird/78.7.0
MIME-Version: 1.0
Content-Language: en-US
Subject: [Hangout - NYLXS] Solarwidns hack deepens
X-BeenThere: hangout-at-nylxs.com
X-Mailman-Version: 2.1.30rc1
Precedence: list
List-Id: NYLXS Tech Talk and Politics
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Errors-To: hangout-bounces-at-nylxs.com
Sender: "Hangout"
https://www.wsj.com/articles/suspected-russian-hack-extends-far-beyond-sola=
rwinds-software-investigators-say-11611921601?mod=3Dhp_lead_pos7
Suspected Russian Hack Extends Far Beyond SolarWinds Software,
Investigators Say
Robert McMillan and Dustin Volz
11-14 minutes
Close to a third of the victims didn=92t run the SolarWinds Corp. SWI
-4.88% software initially considered the main avenue of attack for the
hackers, according to investigators and the government agency digging
into the incident. The revelation is fueling concern that the episode
exploited vulnerabilities in business software used daily by millions.
SHARE YOUR THOUGHTS
What changes do you think the U.S. government and companies might need
to make to safeguard data? Join the conversation below.
Hackers linked to the attack have broken into these systems by
exploiting known bugs in software products, by guessing online passwords
and by capitalizing on a variety of issues in the way Microsoft Corp.=92s
MSFT 2.59% cloud-based software is configured, investigators said.
Approximately 30% of both the private-sector and government victims
linked to the campaign had no direct connection to SolarWinds, Brandon
Wales, acting director of the Cybersecurity and Infrastructure Security
Agency, said in an interview.
The attackers =93gained access to their targets in a variety of ways. This
adversary has been creative,=94 said Mr. Wales, whose agency, part of the
U.S. Department of Homeland Security, is coordinating the government
response. =93It is absolutely correct that this campaign should not be
thought of as the SolarWinds campaign.=94
Brandon Wales, acting director of the Cybersecurity and Infrastructure
Security Agency, at a Senate subcommittee hearing in December.
Photo: Rod Lamkey - Cnp/Zuma Press
Corporate investigators are reaching the same conclusion. Last week,
computer security company Malwarebytes Inc. said that a number of its
Microsoft cloud email accounts were compromised by the same attackers
who targeted SolarWinds, using what Malwarebytes called =93another
intrusion vector.=94 The hackers broke into a Malwarebytes Microsoft
Office 365 account and took advantage of a loophole in the software=92s
configuration to gain access to a larger number of email accounts,
Malwarebytes said. The company said it doesn=92t use SolarWinds software.
The incident demonstrated how sophisticated attackers could leapfrog
from one cloud-computing account to another by taking advantage of
little-known idiosyncrasies in the ways that software authenticates
itself on the Microsoft service, investigators said. In many of the
break-ins, the SolarWinds hackers took advantage of known Microsoft
configuration issues to trick systems into giving them access to emails
and documents stored on the cloud.
Biden White House Faces Three Problems From Suspected Russian Hack
0:00 / 2:17
1:28
Biden White House Faces Three Problems From Suspected Russian Hack
Biden White House Faces Three Problems From Suspected Russian Hack
A suspected Russian cyberattack of the federal government has breached
at least six cabinet-level departments. WSJ=92s Gerald F. Seib explains
what the hack means for President Joe Biden's national security efforts.
Photo illustration: Laura Kammermann (Originally Published Dec. 23, 2020)
SolarWinds itself is probing whether Microsoft=92s cloud was the hackers=92
initial entry point into its network, according to a person familiar
with the SolarWinds investigation, who said it is one of several
theories being pursued.
=93We continue to collaborate closely with federal law enforcement and
intelligence agencies to investigate the full scope of this
unprecedented attack,=94 a SolarWinds spokesman said in an email.
=93This is certainly one of the most sophisticated actors that we have
ever tracked in terms of their approach, their discipline and range of
techniques that they have,=94 said John Lambert, the manager of
Microsoft=92s Threat Intelligence Center.
In December, Microsoft said that the hackers who targeted SolarWinds had
accessed its own corporate network and viewed internal software source
code=97a lapse of security but not a catastrophic breach, according to
security experts. At the time, Microsoft said it had =93found no
indications that our systems were used to attack others.=94
=93 =91How do I know that Zoom or Slack isn=92t next and what do I do?=92 =
=94
=97 Malwarebytes CEO Marcin Kleczynski
The hack will take months or more to fully unravel and is raising
questions about the trust that many companies put in their technology
partners. The U.S. government has publicly blamed Russia, which has
denied responsibility.
The data breach has also undermined some of the pillars of modern
corporate computing, in which companies and government offices entrust
myriad software vendors to run programs remotely in the cloud or to
access their own networks to provide updates that enhance performance
and security.
Now corporations and government agencies are grappling with the question
of how much they can truly trust the people who build the software they use.
=93Malwarebytes relies on 100 software suppliers,=94 said Marcin Kleczynski,
the security company=92s chief executive. =93How do I know that Zoom or
Slack isn=92t next and what do I do? Do we start building software in-house=
?=94
Malwarebytes CEO Marcin Kleczynski in 2014.
Photo: Gary Reyes/TNS/Zuma Press
The attack surfaced in December, when security experts discovered
hackers inserted a backdoor into updates to SolarWinds=92 software, called
Orion, which was used widely across the federal government and by a
swath of Fortune 500 companies. The scope and sophistication of the
attack surprised investigators almost the moment they began their probe.
SolarWinds has said that it traced activity from the hackers back to at
least September 2019, and that the attack gave the intruders a digital
back door into as many as 18,000 SolarWinds customers.
Mr. Wales of the Cybersecurity and Infrastructure Security Agency said
some victims were compromised before SolarWinds deployed the corrupted
Orion software about a year ago.
SolarWinds Hack and Cybersecurity
The departments of Treasury, Justice, Commerce, State, Homeland
Security, Labor and Energy all suffered breaches. In some cases hackers
accessed the emails of those in senior ranks, officials have said. So
far, dozens of private-sector institutions have also been identified as
compromised in the attack, Mr. Wales said, adding that the total is well
under 100.
Investigators have tracked the SolarWinds activity by identifying the
tools, online resources and techniques used by the hackers. Some U.S.
intelligence analysts have concluded that the group is tied to Russia=92s
foreign intelligence service, the SVR.
Mr. Wales said his agency isn=92t aware of cloud software other than
Microsoft=92s targeted in the attack. And investigators haven=92t identified
another technology company whose products were broadly compromised to
infect other organizations the way SolarWinds was, he said.
The effort to target Microsoft=92s cloud software shows the breadth of
hackers=92 efforts to steal sensitive data. Microsoft is the world=92s
largest business software provider, and its systems are widely used by
corporations and government agencies.
=93There are lots and lots of different ways into the cloud,=94 said Dmitri
Alperovitch, executive chairman of the Silverado Policy Accelerator, a
cybersecurity think tank. Because so many companies have moved to the
Microsoft 365 cloud in recent years, it =93is now one of the top targets,=
=94
he said.
Another security company that doesn=92t use the SolarWinds software,
CrowdStrike Inc., CRWD 5.75% said the same attackers unsuccessfully
tried to read its email by taking control of an account used by a
Microsoft reseller that it worked with. The hackers then attempted to
use that account to access CrowdStrike=92s email.
In December, Microsoft notified both CrowdStrike and Malwarebytes that
the SolarWinds hackers had targeted them. Microsoft said then that it
had identified more than 40 customers hit by the attack. That number has
since increased, said a person familiar with Microsoft=92s thinking.
When the SolarWinds hack was first uncovered, current and former
national security officials quickly concluded it was one of the worst
breaches on record=97an intelligence coup that went undetected for several
months or longer that allowed suspected Russian spies access to internal
emails and other files in several government agencies.
As investigators have learned more about the scope of the hack and its
reach beyond SolarWinds, officials and lawmakers have begun to speak
about it in even more dire terms. Last week, President Joe Biden
instructed his director of national intelligence, Avril Haines, to
conduct a review of Russian aggression against the U.S., including the
SolarWinds hack.
=93This is the greatest cyber intrusion, perhaps, in the history of the
world,=94 Sen. Jack Reed, a Democrat, said earlier this month during a
confirmation hearing for Ms. Haines.
Avril Haines at her confirmation hearing before the Senate Intelligence
Committee earlier this month.
Photo: Joe Raedle - Pool Via Cnp/Zuma Press
Mr. Wales said that the hacking operation was =93substantially more
significant=94 than a previous hacking spree against cloud providers,
known as Cloud Hopper and linked to the Chinese government, widely
considered to be one of the largest-ever corporate espionage efforts.
The hackers in this campaign have been able to compromise core
infrastructure of government and private sector victims in a way that
dwarfs that attack, Mr. Wales said.
Investigators still believe the primary purpose of the hacking campaign,
which the government has said is ongoing, is to glean information by
spying on federal agencies and high-value corporate networks=97or
compromise other technology companies whose access could lead to
follow-on attacks.
=93We continue to maintain that this is an espionage campaign designed for
long-term intelligence collection,=94 Mr. Wales said. =93That said, when you
compromise an agency=92s authentication infrastructure, there is a lot of
damage you could do.=94
=97For more WSJ Technology analysis, reviews, advice and headlines, sign
up for our weekly newsletter.
Write to Robert McMillan at Robert.Mcmillan-at-wsj.com and Dustin Volz at
dustin.volz-at-wsj.com
Copyright =A92020 Dow Jones & Company, Inc. All Rights Reserved.
-- =
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www.brooklyn-living.com
Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
_______________________________________________
Hangout mailing list
Hangout-at-nylxs.com
http://lists.mrbrklyn.com/mailman/listinfo/hangout
|
|
