Fallout From The SolarWinds Breach Widens

Microsoft say that Britain, along with six other countries have been affected by a suspected Russian hacking attack and has been brought in by clients to assist using its antivirus software. It has been able to map some of the impact of the recently reported, SolarWinds attack. Microsoft has admitted it too had fallen victim to the attack, although it said it had not found “evidence of access to production services or customer data”.

The US Energy Department is the latest agency to confirm it has been breached in what is being described as the worst-ever hack on the United States government. Russian hackers have been monitoring internal email traffic at the US Treasury and Commerce departments, according to some analysts. This is just the beginning. 

The Cybersecurity and Infrastructure Security Agency (CISA) said it has determined that the SolarWinds Orion software vulnerability is not the only way hackers compromised a variety of online networks, warning that in some cases, victims appeared to have been breached despite never using the problematic software.

This will be President-elect Biden’s biggest foreign policy problem that the president-elect has to deal with a a very familiar aspect -  Russia. Moscow’s meddling in the 2016 US presidential election cast a shadow over US politics for four long years. “A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place,” Mr. Biden said, adding, “I will not stand idly by in the face of cyber assaults on our nation.”

British spy chiefs are investigating whether Russian hackers broke into confidential British files. The National Cyber Security Centre (NCSC), part of GCHQ, is examining potential leaks after a hacking group cracked software developed by American business SolarWinds. 

SolarWinds systems are used by the UK Government departments including GCHQ the Ministry of Defence, the Cabinet Office and the Ministry of Justice and other online contents suggests the Home Office is also an active user.

For more than three decades, hackers linked to Moscow are believed to have tried to steal US secrets online. Those breaches of US systems have done much to define how America sees cyber-space, and how it defends itself and they have learnt it is not always possible to stop them. 

The first person to trail foreign hackers taking sensitive US data was not a spy, but an astronomer who was worried about an unpaid $0.75. In 1986, Cliff Stoll looked after the computer networks at his lab. and he noticed someone logging in to use the computer without paying. In the coming months, he would follow their trail and observe the unknown party searching for military-related data. 

In his book, Cuckoo's Egg, Stoll reveals how he eventually traced the login to a group of hackers in Germany, who had sold their access to the KGB, Moscow's intelligence service. 

A decade later, in the mid 1990s, the first major cyber espionage campaign conducted by a state intelligence agency was uncovered. Codenamed Moonlight Maze, some of the details remain classified. But this was a group of highly sophisticated hackers working quietly to steal US military secrets through a backdoor. The hackers took vast amounts of information and, for  defence officials feared they might leave something behind  to sabotage their systems. 

The US investigators were confident they knew who was behind it. The attackers worked 08:00 to 17:00 Moscow time (but never on a Russian holiday) and Russian language was found in the code. Moscow denied everything, and stalled the investigation. 

In 2008, the rogue USB stick loaded with malware - possibly found in a car park on a military base overseas, rocked Washington. It allowed hackers to penetrate classified US military systems which were supposed to be kept offline. It took four months for an analyst to spot the breach at US Central Command and even longer to fix it. It was found to be linked to the same group that was behind Moonlight Maze.  

This shock led directly to the creation of US Cyber Command within the Pentagon - a team set up to protect sensitive networks, but also to hunt adversaries online. In the subsequent years, China has received rather more attention, particularly with regard to stealing commercial secrets, but Russia has remained equally destructive. 

During the 2016 US presidential election, it turned out that not one, but two, Russian intelligence service hacking teams were inside the Democratic party. The team from the foreign intelligence agency, the SVR, stayed undercover, but the military intelligence team from the GRU, known as Fancy Bear  had a different idea. It leaked the material it stole, causing disruption and, arguably, playing a role in shifting the course of the election. The problem was no one had been prepared for this kind of "information operation". 

In the 2020 presidential election, organisations were on their guard for election interference from Russia. But what they didn't realise was that old-fashioned espionage was carrying on unnoticed, with Russian intelligence again believed to be the culprit. Once again Moscow has denied any role.

The SolarWinds operation began in March 2020, if not much earlier and the long term effects will doubtless emerge over time, but right now US federal officials talk of a "grave risk" because of the sheer scale of possible compromise of departments, companies and organisations. But others disagree describing it as an extreme example of what is actually 'routine espionage'. They also say that the US is not just the victim, but also the perpetrator of these type of hacks. The Snowden revelations of 2013 showed that both the US and th UK are effective in the way they monitor and steal secrets from other countries in ways that are no different to China and Russia.  

In cyberspace, the attacker normally has the advantage in finding a new way in before the defender can take protective measure and as long as there are secrets online the most capable spies, especially those from Russia, will be trying to steal them.

Sophisticated attackers will  prioritise surreptitious entrances and exits using hidden backdoors that avoid the wholesale ransacking of computer systems used by less expert criminal groups that serve to alert defenders. 'Quiet' hackers are typically more focused on covering their tracks and such quiet attacks can often be the most effective at gathering specific, sensitive information over a period of months. Indeed, while the details of what was taken and from whom are not yet public, the agencies and companies themselves may not even know for a while.

Cyber security is currently a very difficult job under the best of circumstances and while the US National Security Agency keeps military secrets locked down, civilian agencies don't have the same resources to defend themselves. 

Reuters:      GovUK:      New York Times:      The Verge:     Washington Post:    CNN:   Guardian:

Guardian:     BBC:    BBC:     Telegraph:     

You Might Also Read: 

The Cyber Security Top Ten Power List:

 
« Healthcare Is The Prize Target For Cyber Criminals
WEBINAR: Build An Effective Cloud Threat Intelligence Program In The AWS Cloud »

Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

WEBINAR: How to build an effective Cloud Threat Intelligence program in the AWS Cloud

WEBINAR: How to build an effective Cloud Threat Intelligence program in the AWS Cloud

Thursday, Jan 28, 2021 - Join this webinar to learn how to improve your Cloud Threat Intelligence (CTI) program by gathering critical cloud-specific event data in the AWS Cloud.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Information Systems Security Association (ISSA)

Information Systems Security Association (ISSA)

the Information Systems Security Association (ISSA) is an international organization of information security professionals and practitioners.

PCI Pal

PCI Pal

PCI Pal’s secure cloud payment solutions are certified to the highest level of security by the leading card companies.

CUIng.org

CUIng.org

The CUIng initiative was launched to tackle the problem of criminal exploitation of information hiding techniques.

Echoworx

Echoworx

Echoworx provides a path to secure communications and more streamlined processes with encryption solutions customized to your specific requirements.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

SlowMist

SlowMist

SlowMist is a blockchain ecosystem security company providing cybersecurity audits and protection for leading digital asset exchanges, crypto wallets, public chains, and smart contracts.

At-Bay

At-Bay

At-Bay offer an end-to-end solution to cyber risk with comprehensive risk assessment, a tailored cyber insurance policy and year-long, active, risk-management service.

Security Weaver

Security Weaver

Security Weaver is a leading provider of governance, risk and compliance management (GRCM) software.