President Biden’s Cyber Dilemma

Uploaded on 2021-03-11 in INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW, INTELLIGENCE-Hot Spots-China, INTELLIGENCE-Hot Spots-Russia

The Biden administration is grappling with two major cyber incidents in its first 50 days in office, underscoring the challenge the new White House faces from foreign actors. Russia and China are suspected in the two incidents, which may have compromised thousands of federal, state and private groups for long periods of time before discovery. The effect has been to move cyber security up the list of the administration’s priorities.

Russia has expressed its alarm after it was reported the United States was planning a series of covert counter-attacks on Russian networks, saying such strikes would amount to cyber crimes.

The US security level is being raised probably because of the recent attacks on the US government systems and these US attacks may also be focused on the Chinese and Russian hackers because of the amount of hacks on Microsoft Exchange is now thought to be tens of thousands of organisations that have probably been cyber attacked and compromised. The hackers have used previously unknown flaws in the email software to steal information and data.  Microsoft has said the attackers are "state-sponsored and operating out of China". And now it looks like other hackers are also attacking these systems.   

The hacking group known as Hafnium breached as many victims they could find across the global Internet, leaving behind backdoors to return to later. This follows the recent SolarWinds cyber hacks, linked to Russia, that affected multiple US government departments and other organisations.

US national security adviser Jake Sullivan wrote on Twitter,“We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of US think tanks and defense industrial base entities. We encourage network owners to patch ASAP.” 

One US senator has described the SolarWinds attack as an "act of war", but what options President Biden has is not obvious..

That these cyber attacks by potentially hackers backed by governments is a real problem for the Biden administration and will likley result in US Cybercommand being directed to step up hacking into adversary systems to find out what they are doing and stopping operations against the US before they are unleashed.

The US has often considered espionage as then stealing of information as acceptable, because it practised it extensively, as whistleblower Edward Snowden revealed in 2013 and these attacks and the response may fit into the same category. President Biden is launching an emergency taskforce to address an aggressive cyber-attack that has affected hundreds of thousands of Microsoft customers around the world, the second major hacking campaign to hit the US since the election.

The first major move is expected over the next three weeks, officials said, with a series of clandestine actions across Russian and Chinese networks.  

White House press secretary Jen Psaki warned anyone running the affected Exchange servers to implement Microsoft's patch for the vulnerabilities immediately. "We are concerned that there are a large number of victims and are working with our partners to understand the scope of this... Network owners also need to consider whether they have already been compromised and should immediately take appropriate steps."

The task of cleaning up the hackers' tens of thousands of infections may be, that early detection may give victims a chance to both patch their systems and remove the hackers before they can take advantage of their foothold inside organisations.

The Hill:      New York Times:   Wired:      Guardian:       Yahoo:     Jake Sullivan:       BBC

You Might Also Read: 

Solving Mr. Biden’s Wicked Cyber Problem:

 

« Cyber Security For The Internet of Medical Things
British Schools & Universities Suffer Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Solarflare

Solarflare

Solarflare is a leading provider of intelligent networking I/O software and hardware platforms that accelerate, monitor and secure network data.

Perspective Risk

Perspective Risk

Perspective Risk provides penetration testing, security assessments, risk management & compliance solutions, InfoSec training and consultancy services.

JPCERT/CC

JPCERT/CC

JPCERT/CC is the first Computer Security Incident Response Team (CSIRT) established in Japan.

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

T-ISAC Japan coordinates information sharing and activities related to ISP/telecommunications network security in Japan.

Vaulto Technologies

Vaulto Technologies

Vaulto protects critical business processes that are conducted via the cellular network.

MENAInfoSecurity

MENAInfoSecurity

MENAInfoSecurity is a regional leader in information security solutions, assurance services and managed services.

SMESEC

SMESEC

SMESEC is a lightweight Cybersecurity framework for protecting small and medium-sized enterprises (SME) against Cyber threats.

eResilience

eResilience

eResilience is a division of Referentia Systems, a pioneer in an ultra-secure information safeguarding technique known as “Enclaving”, in which data can be segmented and protected within a network.

BotGuard

BotGuard

BotGuard provides a service to protect your website from malicious bots, crawlers, scrapers, and hacker attacks.

Ukrainian Academy of Cyber Security (UACS)

Ukrainian Academy of Cyber Security (UACS)

UACS is a professional non-profit public organization established to promote the development of an extensive network and ecosystem of education and training in the field of cyber security.

Wizard Cyber

Wizard Cyber

At Wizard Cyber, we simplify cyber security, delivering an advanced service that protects your high-risk assets from the complex threats that technology alone can miss, 24/7.

Cybots Pte Ltd

Cybots Pte Ltd

Cybots is a multinational cyber defence brand founded in Singapore in 2018 to help organizations stay ahead of increasingly sophisticated threats from cyber criminals.

Alias

Alias

Alias (formerly Alias Forensics) provide penetration testing, vulnerability assessments, incident response and security consulting services.

Zeta Sky

Zeta Sky

Zeta Sky offers a full range of IT and cyber-security services for your business.

RADICL

RADICL

RADICL's mission is to give SMBs that serve America's Defense Industrial Base (DIB) access to strong, enterprise-grade cyber security protection.

BetterWorld Technology

BetterWorld Technology

BetterWorld Technology provides cloud solutions, managed services, SaaS, cybersecurity and virtual CIO, all customized to meet your needs.