Fallout From The SolarWinds Breach Widens

Microsoft say that Britain, along with six other countries have been affected by a suspected Russian hacking attack and has been brought in by clients to assist using its antivirus software. It has been able to map some of the impact of the recently reported, SolarWinds attack. Microsoft has admitted it too had fallen victim to the attack, although it said it had not found “evidence of access to production services or customer data”.

The US Energy Department is the latest agency to confirm it has been breached in what is being described as the worst-ever hack on the United States government. Russian hackers have been monitoring internal email traffic at the US Treasury and Commerce departments, according to some analysts. This is just the beginning. 

The Cybersecurity and Infrastructure Security Agency (CISA) said it has determined that the SolarWinds Orion software vulnerability is not the only way hackers compromised a variety of online networks, warning that in some cases, victims appeared to have been breached despite never using the problematic software.

This will be President-elect Biden’s biggest foreign policy problem that the president-elect has to deal with a a very familiar aspect -  Russia. Moscow’s meddling in the 2016 US presidential election cast a shadow over US politics for four long years. “A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place,” Mr. Biden said, adding, “I will not stand idly by in the face of cyber assaults on our nation.”

British spy chiefs are investigating whether Russian hackers broke into confidential British files. The National Cyber Security Centre (NCSC), part of GCHQ, is examining potential leaks after a hacking group cracked software developed by American business SolarWinds. 

SolarWinds systems are used by the UK Government departments including GCHQ the Ministry of Defence, the Cabinet Office and the Ministry of Justice and other online contents suggests the Home Office is also an active user.

For more than three decades, hackers linked to Moscow are believed to have tried to steal US secrets online. Those breaches of US systems have done much to define how America sees cyber-space, and how it defends itself and they have learnt it is not always possible to stop them. 

The first person to trail foreign hackers taking sensitive US data was not a spy, but an astronomer who was worried about an unpaid $0.75. In 1986, Cliff Stoll looked after the computer networks at his lab. and he noticed someone logging in to use the computer without paying. In the coming months, he would follow their trail and observe the unknown party searching for military-related data. 

In his book, Cuckoo's Egg, Stoll reveals how he eventually traced the login to a group of hackers in Germany, who had sold their access to the KGB, Moscow's intelligence service. 

A decade later, in the mid 1990s, the first major cyber espionage campaign conducted by a state intelligence agency was uncovered. Codenamed Moonlight Maze, some of the details remain classified. But this was a group of highly sophisticated hackers working quietly to steal US military secrets through a backdoor. The hackers took vast amounts of information and, for  defence officials feared they might leave something behind  to sabotage their systems. 

The US investigators were confident they knew who was behind it. The attackers worked 08:00 to 17:00 Moscow time (but never on a Russian holiday) and Russian language was found in the code. Moscow denied everything, and stalled the investigation. 

In 2008, the rogue USB stick loaded with malware - possibly found in a car park on a military base overseas, rocked Washington. It allowed hackers to penetrate classified US military systems which were supposed to be kept offline. It took four months for an analyst to spot the breach at US Central Command and even longer to fix it. It was found to be linked to the same group that was behind Moonlight Maze.  

This shock led directly to the creation of US Cyber Command within the Pentagon - a team set up to protect sensitive networks, but also to hunt adversaries online. In the subsequent years, China has received rather more attention, particularly with regard to stealing commercial secrets, but Russia has remained equally destructive. 

During the 2016 US presidential election, it turned out that not one, but two, Russian intelligence service hacking teams were inside the Democratic party. The team from the foreign intelligence agency, the SVR, stayed undercover, but the military intelligence team from the GRU, known as Fancy Bear  had a different idea. It leaked the material it stole, causing disruption and, arguably, playing a role in shifting the course of the election. The problem was no one had been prepared for this kind of "information operation". 

In the 2020 presidential election, organisations were on their guard for election interference from Russia. But what they didn't realise was that old-fashioned espionage was carrying on unnoticed, with Russian intelligence again believed to be the culprit. Once again Moscow has denied any role.

The SolarWinds operation began in March 2020, if not much earlier and the long term effects will doubtless emerge over time, but right now US federal officials talk of a "grave risk" because of the sheer scale of possible compromise of departments, companies and organisations. But others disagree describing it as an extreme example of what is actually 'routine espionage'. They also say that the US is not just the victim, but also the perpetrator of these type of hacks. The Snowden revelations of 2013 showed that both the US and th UK are effective in the way they monitor and steal secrets from other countries in ways that are no different to China and Russia.  

In cyberspace, the attacker normally has the advantage in finding a new way in before the defender can take protective measure and as long as there are secrets online the most capable spies, especially those from Russia, will be trying to steal them.

Sophisticated attackers will  prioritise surreptitious entrances and exits using hidden backdoors that avoid the wholesale ransacking of computer systems used by less expert criminal groups that serve to alert defenders. 'Quiet' hackers are typically more focused on covering their tracks and such quiet attacks can often be the most effective at gathering specific, sensitive information over a period of months. Indeed, while the details of what was taken and from whom are not yet public, the agencies and companies themselves may not even know for a while.

Cyber security is currently a very difficult job under the best of circumstances and while the US National Security Agency keeps military secrets locked down, civilian agencies don't have the same resources to defend themselves. 

Reuters:      GovUK:      New York Times:      The Verge:     Washington Post:    CNN:   Guardian:

Guardian:     BBC:    BBC:     Telegraph:     

You Might Also Read: 

The Cyber Security Top Ten Power List:

 
« Healthcare Is The Prize Target For Cyber Criminals
WEBINAR: Build An Effective Cloud Threat Intelligence Program In The AWS Cloud »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Prolinx

Prolinx

Prolinx provide secure Data Centre hosting services and other fully managed security services for networks and information systems.

Hogan Lovells

Hogan Lovells

Hogan Lovells is an international business law firm with offices across Europe, Asia and the USA. Practice areas include Privacy & Cybersecurity.

CLUSIS

CLUSIS

CLUSIS is an association for the information security industry in Switzerland.

Bugcrowd

Bugcrowd

As leaders in crowdsourced security testing, Bugcrowd connects companies and their applications to a crowd of tens of thousands of security researchers to identify critical software vulnerabilities.

TruSTAR Technology

TruSTAR Technology

TruSTAR is a threat intelligence exchange platform built to protect and incentivize information sharing.

LIFARS

LIFARS

LIFARS is a global leader in Digital Forensics and Cyber Resiliency Services.

Puleng Technologies

Puleng Technologies

Puleng provides customers with a client-centric strategy to manage and secure the two most valuable assets an organisation has - its Data and Users.

Blockchain Solutions

Blockchain Solutions

Blockchain Solutions Limited is a technological One Stop Solution provider, for Blockchain technology.

Protocol Labs

Protocol Labs

Protocol Labs is a research, development, and deployment institution for improving Internet technology.

Private Machines

Private Machines

Private Machines develops unique patent-pending technology protects cloud and data center workloads.

Mitnick Security

Mitnick Security

Mitnick Security is a leading global provider of information security consulting and training services.

ProCheckUp

ProCheckUp

ProCheckUp is a London-based independent provider of cyber security services, including IT Security, Assurance, Compliance and Incident Response.

TPx Communications

TPx Communications

TPx is a leading managed services provider offering a full suite of managed IT, unified communications, network connectivity and security services.

Sayers

Sayers

Sayers is best known for its ability to solve business challenges with IT solutions. Our areas of expertise include cloud, storage, virtualization, security, mobility and networking.

Excite Cyber

Excite Cyber

Excite Technology Services (formerly Cipherpoint) is focused on improving the security posture of our customers.

Panasonic Automotive Systems

Panasonic Automotive Systems

Panasonic Automotive Systems brings together security technologies and human resources cultivated across an extensive range of businesses into the automotive field.