Fallout From The SolarWinds Breach Widens

Microsoft say that Britain, along with six other countries have been affected by a suspected Russian hacking attack and has been brought in by clients to assist using its antivirus software. It has been able to map some of the impact of the recently reported, SolarWinds attack. Microsoft has admitted it too had fallen victim to the attack, although it said it had not found “evidence of access to production services or customer data”.

The US Energy Department is the latest agency to confirm it has been breached in what is being described as the worst-ever hack on the United States government. Russian hackers have been monitoring internal email traffic at the US Treasury and Commerce departments, according to some analysts. This is just the beginning. 

The Cybersecurity and Infrastructure Security Agency (CISA) said it has determined that the SolarWinds Orion software vulnerability is not the only way hackers compromised a variety of online networks, warning that in some cases, victims appeared to have been breached despite never using the problematic software.

This will be President-elect Biden’s biggest foreign policy problem that the president-elect has to deal with a a very familiar aspect -  Russia. Moscow’s meddling in the 2016 US presidential election cast a shadow over US politics for four long years. “A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place,” Mr. Biden said, adding, “I will not stand idly by in the face of cyber assaults on our nation.”

British spy chiefs are investigating whether Russian hackers broke into confidential British files. The National Cyber Security Centre (NCSC), part of GCHQ, is examining potential leaks after a hacking group cracked software developed by American business SolarWinds. 

SolarWinds systems are used by the UK Government departments including GCHQ the Ministry of Defence, the Cabinet Office and the Ministry of Justice and other online contents suggests the Home Office is also an active user.

For more than three decades, hackers linked to Moscow are believed to have tried to steal US secrets online. Those breaches of US systems have done much to define how America sees cyber-space, and how it defends itself and they have learnt it is not always possible to stop them. 

The first person to trail foreign hackers taking sensitive US data was not a spy, but an astronomer who was worried about an unpaid $0.75. In 1986, Cliff Stoll looked after the computer networks at his lab. and he noticed someone logging in to use the computer without paying. In the coming months, he would follow their trail and observe the unknown party searching for military-related data. 

In his book, Cuckoo's Egg, Stoll reveals how he eventually traced the login to a group of hackers in Germany, who had sold their access to the KGB, Moscow's intelligence service. 

A decade later, in the mid 1990s, the first major cyber espionage campaign conducted by a state intelligence agency was uncovered. Codenamed Moonlight Maze, some of the details remain classified. But this was a group of highly sophisticated hackers working quietly to steal US military secrets through a backdoor. The hackers took vast amounts of information and, for  defence officials feared they might leave something behind  to sabotage their systems. 

The US investigators were confident they knew who was behind it. The attackers worked 08:00 to 17:00 Moscow time (but never on a Russian holiday) and Russian language was found in the code. Moscow denied everything, and stalled the investigation. 

In 2008, the rogue USB stick loaded with malware - possibly found in a car park on a military base overseas, rocked Washington. It allowed hackers to penetrate classified US military systems which were supposed to be kept offline. It took four months for an analyst to spot the breach at US Central Command and even longer to fix it. It was found to be linked to the same group that was behind Moonlight Maze.  

This shock led directly to the creation of US Cyber Command within the Pentagon - a team set up to protect sensitive networks, but also to hunt adversaries online. In the subsequent years, China has received rather more attention, particularly with regard to stealing commercial secrets, but Russia has remained equally destructive. 

During the 2016 US presidential election, it turned out that not one, but two, Russian intelligence service hacking teams were inside the Democratic party. The team from the foreign intelligence agency, the SVR, stayed undercover, but the military intelligence team from the GRU, known as Fancy Bear  had a different idea. It leaked the material it stole, causing disruption and, arguably, playing a role in shifting the course of the election. The problem was no one had been prepared for this kind of "information operation". 

In the 2020 presidential election, organisations were on their guard for election interference from Russia. But what they didn't realise was that old-fashioned espionage was carrying on unnoticed, with Russian intelligence again believed to be the culprit. Once again Moscow has denied any role.

The SolarWinds operation began in March 2020, if not much earlier and the long term effects will doubtless emerge over time, but right now US federal officials talk of a "grave risk" because of the sheer scale of possible compromise of departments, companies and organisations. But others disagree describing it as an extreme example of what is actually 'routine espionage'. They also say that the US is not just the victim, but also the perpetrator of these type of hacks. The Snowden revelations of 2013 showed that both the US and th UK are effective in the way they monitor and steal secrets from other countries in ways that are no different to China and Russia.  

In cyberspace, the attacker normally has the advantage in finding a new way in before the defender can take protective measure and as long as there are secrets online the most capable spies, especially those from Russia, will be trying to steal them.

Sophisticated attackers will  prioritise surreptitious entrances and exits using hidden backdoors that avoid the wholesale ransacking of computer systems used by less expert criminal groups that serve to alert defenders. 'Quiet' hackers are typically more focused on covering their tracks and such quiet attacks can often be the most effective at gathering specific, sensitive information over a period of months. Indeed, while the details of what was taken and from whom are not yet public, the agencies and companies themselves may not even know for a while.

Cyber security is currently a very difficult job under the best of circumstances and while the US National Security Agency keeps military secrets locked down, civilian agencies don't have the same resources to defend themselves. 

Reuters:      GovUK:      New York Times:      The Verge:     Washington Post:    CNN:   Guardian:

Guardian:     BBC:    BBC:     Telegraph:     

You Might Also Read: 

The Cyber Security Top Ten Power List:

 
« Healthcare Is The Prize Target For Cyber Criminals
WEBINAR: Build An Effective Cloud Threat Intelligence Program In The AWS Cloud »

Perimeter 81

Directory of Suppliers

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Bastille

Bastille

Bastille’s patented software and security sensors bring visibility to devices emitting radio signals (Wi-Fi, cellular, IoT) in your organization.

Celare

Celare

Celare delivers DPI based network perimeter monitoring solutions with integrated Big Data security analytics and threat detection.

TruSTAR Technology

TruSTAR Technology

TruSTAR is a threat intelligence exchange platform built to protect and incentivize information sharing.

Trusted Knight

Trusted Knight

Trusted Knight is a leading provider of security software solutions focused on defeating newly developed malware and crimeware trojans.

German Accelerator

German Accelerator

German Accelerator supports high-potential German startups in successfully entering the U.S. and Southeast Asian markets.

Viking Cloud

Viking Cloud

Viking Cloud's customer-centric SaaS solutions enable cutting-edge ways to secure your network infrastructure, maintain compliance and provide assurance testing and assessments.

Tugboat Logic

Tugboat Logic

Tugboat Logic was created to address the skills and expertise gap in the security and compliance industry. Our goal is to simplify and automate information security management for every enterprise.

Panacea Infosec

Panacea Infosec

Panacea Infosec is a leading provider of information security compliance services. We help our clients in protecting their data, reducing security risks and fighting cybercrime.