Fallout From The SolarWinds Breach Widens

Microsoft say that Britain, along with six other countries have been affected by a suspected Russian hacking attack and has been brought in by clients to assist using its antivirus software. It has been able to map some of the impact of the recently reported, SolarWinds attack. Microsoft has admitted it too had fallen victim to the attack, although it said it had not found “evidence of access to production services or customer data”.

The US Energy Department is the latest agency to confirm it has been breached in what is being described as the worst-ever hack on the United States government. Russian hackers have been monitoring internal email traffic at the US Treasury and Commerce departments, according to some analysts. This is just the beginning. 

The Cybersecurity and Infrastructure Security Agency (CISA) said it has determined that the SolarWinds Orion software vulnerability is not the only way hackers compromised a variety of online networks, warning that in some cases, victims appeared to have been breached despite never using the problematic software.

This will be President-elect Biden’s biggest foreign policy problem that the president-elect has to deal with a a very familiar aspect -  Russia. Moscow’s meddling in the 2016 US presidential election cast a shadow over US politics for four long years. “A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place,” Mr. Biden said, adding, “I will not stand idly by in the face of cyber assaults on our nation.”

British spy chiefs are investigating whether Russian hackers broke into confidential British files. The National Cyber Security Centre (NCSC), part of GCHQ, is examining potential leaks after a hacking group cracked software developed by American business SolarWinds. 

SolarWinds systems are used by the UK Government departments including GCHQ the Ministry of Defence, the Cabinet Office and the Ministry of Justice and other online contents suggests the Home Office is also an active user.

For more than three decades, hackers linked to Moscow are believed to have tried to steal US secrets online. Those breaches of US systems have done much to define how America sees cyber-space, and how it defends itself and they have learnt it is not always possible to stop them. 

The first person to trail foreign hackers taking sensitive US data was not a spy, but an astronomer who was worried about an unpaid $0.75. In 1986, Cliff Stoll looked after the computer networks at his lab. and he noticed someone logging in to use the computer without paying. In the coming months, he would follow their trail and observe the unknown party searching for military-related data. 

In his book, Cuckoo's Egg, Stoll reveals how he eventually traced the login to a group of hackers in Germany, who had sold their access to the KGB, Moscow's intelligence service. 

A decade later, in the mid 1990s, the first major cyber espionage campaign conducted by a state intelligence agency was uncovered. Codenamed Moonlight Maze, some of the details remain classified. But this was a group of highly sophisticated hackers working quietly to steal US military secrets through a backdoor. The hackers took vast amounts of information and, for  defence officials feared they might leave something behind  to sabotage their systems. 

The US investigators were confident they knew who was behind it. The attackers worked 08:00 to 17:00 Moscow time (but never on a Russian holiday) and Russian language was found in the code. Moscow denied everything, and stalled the investigation. 

In 2008, the rogue USB stick loaded with malware - possibly found in a car park on a military base overseas, rocked Washington. It allowed hackers to penetrate classified US military systems which were supposed to be kept offline. It took four months for an analyst to spot the breach at US Central Command and even longer to fix it. It was found to be linked to the same group that was behind Moonlight Maze.  

This shock led directly to the creation of US Cyber Command within the Pentagon - a team set up to protect sensitive networks, but also to hunt adversaries online. In the subsequent years, China has received rather more attention, particularly with regard to stealing commercial secrets, but Russia has remained equally destructive. 

During the 2016 US presidential election, it turned out that not one, but two, Russian intelligence service hacking teams were inside the Democratic party. The team from the foreign intelligence agency, the SVR, stayed undercover, but the military intelligence team from the GRU, known as Fancy Bear  had a different idea. It leaked the material it stole, causing disruption and, arguably, playing a role in shifting the course of the election. The problem was no one had been prepared for this kind of "information operation". 

In the 2020 presidential election, organisations were on their guard for election interference from Russia. But what they didn't realise was that old-fashioned espionage was carrying on unnoticed, with Russian intelligence again believed to be the culprit. Once again Moscow has denied any role.

The SolarWinds operation began in March 2020, if not much earlier and the long term effects will doubtless emerge over time, but right now US federal officials talk of a "grave risk" because of the sheer scale of possible compromise of departments, companies and organisations. But others disagree describing it as an extreme example of what is actually 'routine espionage'. They also say that the US is not just the victim, but also the perpetrator of these type of hacks. The Snowden revelations of 2013 showed that both the US and th UK are effective in the way they monitor and steal secrets from other countries in ways that are no different to China and Russia.  

In cyberspace, the attacker normally has the advantage in finding a new way in before the defender can take protective measure and as long as there are secrets online the most capable spies, especially those from Russia, will be trying to steal them.

Sophisticated attackers will  prioritise surreptitious entrances and exits using hidden backdoors that avoid the wholesale ransacking of computer systems used by less expert criminal groups that serve to alert defenders. 'Quiet' hackers are typically more focused on covering their tracks and such quiet attacks can often be the most effective at gathering specific, sensitive information over a period of months. Indeed, while the details of what was taken and from whom are not yet public, the agencies and companies themselves may not even know for a while.

Cyber security is currently a very difficult job under the best of circumstances and while the US National Security Agency keeps military secrets locked down, civilian agencies don't have the same resources to defend themselves. 

Reuters:      GovUK:      New York Times:      The Verge:     Washington Post:    CNN:   Guardian:

Guardian:     BBC:    BBC:     Telegraph:     

You Might Also Read: 

The Cyber Security Top Ten Power List:

 
« Healthcare Is The Prize Target For Cyber Criminals
WEBINAR: Build An Effective Cloud Threat Intelligence Program In The AWS Cloud »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Axial

Axial

Axial Systems is one of the UK’s leading solution providers and systems integrators in network, security and services.

QATestLab

QATestLab

QATestLab is a leading International software testing company offering a full range of software testing services including security testing.

Secure Technology Alliance

Secure Technology Alliance

Secure Technology Alliance is a multi-industry association working to stimulate the adoption and widespread application of secure solutions.

HDI Global SE

HDI Global SE

HDI Global SE provides customised insurance solutions for industrial and commercial clients worldwide including Cyber Liability insurance.

Empow Cyber Security

Empow Cyber Security

Empow has developed a way for enterprises to orchestrate their security infrastructure, get the most out of each security product, and better mitigate attacks, while using fewer resources to do so.

Red Balloon Security (RBS)

Red Balloon Security (RBS)

Red Balloon Security is a leading embedded device security company, delivering deep host-based defense for all devices.

Think Cyber Security (ThinkCyber)

Think Cyber Security (ThinkCyber)

ThinkCyber is a Tel Aviv-based Israeli company with a team of cybersecurity professionals who are experts in both information and operations technology.

CyberTech Network

CyberTech Network

CyberTECH is a global cybersecurity, Internet of Things (IoT) and Smart City network ecosystem and incubator operator.

C2A Security

C2A Security

C2A Security offers a comprehensive suite of cyber security solutions for the automotive industry, providing in-vehicle end-to-end protection.

HCC Embedded

HCC Embedded

HCC’s mission is to ensure that data stored or communicated by an embedded IoT application is secure, safe and reliable.

Argo Group

Argo Group

Argo is an international underwriter of specialty insurance. Argo Cyber offers a full spectrum of coverage solutions related to professional and technology services.

Quantum Cybersecurity

Quantum Cybersecurity

Quantum's objectives are to assist and help our clients with RMF Controls, Accreditation packages, FISCAM controls, ISSM Duties and Responsibilities, ISSO Duties and Responsibilities and more.

Sabat Group

Sabat Group

Sabat Group provide relationship-driven information security & cyber security recruiting services.

SecureAge Technology

SecureAge Technology

We’re a rapidly growing cybersecurity company with an 18-year history of ZERO Data breaches. Our security solutions place security and usability on equal footing. Learn more about our technology.

Swissbit

Swissbit

Swissbit AG is the leading European manufacturer of storage, security and embedded IoT solutions for demanding applications.

NANO Corp

NANO Corp

At NANO Corp, we keep your network visible, understandable, operational and secure with state-of-the-art technology.