“If you compromise somebody’s network for 6 months, there’s a lot of opportunity,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, a security think tank. These were highly motivated attackers who selected each of their victims for a specific purpose that remains unknown.
These weren’t opportunistic cybercriminals indiscriminately probing whatever targets they could find in hopes of extorting their victims for a quick payday. That agents of a foreign government may have been responsible for the breaches is a worrisome sign of not only the attackers’ capabilities, but also their motives. But US officials have tentatively said that the culprit may have links to Russia.
Solarwinds orion breach manual#
“Each of the attacks require meticulous planning and manual interaction.”Īttributing any cyberattack is hard under the best of circumstances and even more challenging when a sophisticated actor works to cover their tracks, as these did. “The campaign demonstrates top-tier operational tradecraft and resourcing consistent with state-sponsored threat actors,” FireEye said, adding that the breaches appear to date as far back as the spring. And we still don’t know what information may have been lost or stolen.Īnother reason to worry is that the attackers appear to have been extraordinarily skilled and determined. In the coming days, we may learn that many more companies and agencies have been compromised than we initially suspected. Security experts say this is merely the beginning.
Solarwinds orion breach software#
The software vulnerability that enabled the spying has been found in the tech and telecom industry, as well as at consulting firms and energy companies, according to FireEye. It isn’t just the US government in the crosshairs: The elite cybersecurity firm FireEye, which itself was a victim of the attack, said companies across the broader economy were vulnerable to the spying, too. It’s only the fifth such directive to be issued by the Cybersecurity and Infrastructure Security Agency since it was created in 2015. The Justice Department, the National Security Agency and even the US Postal Service have all been cited by security experts as potentially vulnerable.Īll federal civilian agencies have been told to review their systems in an emergency directive by DHS officials. The Department of Homeland Security’s cyber arm was also compromised, CNN previously reported.īut the range of potential victims is much, much larger, raising the troubling prospect that the US military, the White House or public health agencies responding to the pandemic may have been targeted by the foreign spying, too. One reason the attack is so concerning is because of who may have been victimized by the spying campaign.Īt least two US agencies have publicly confirmed they were compromised: The Department of Commerce and the Agriculture Department. Here’s why the cyberattacks disclosed this week are keeping experts up at night - based on who was targeted, the suspected identities of the attackers and their playbook, according to analysts contacted by CNN Business and published security reports. As many as 18,000 SolarWinds customers - out of a total of 300,000 - may have been running software containing the vulnerability that allowed the hackers to penetrate the Commerce Department, the company disclosed in an investor filing this week. Since then, more details have emerged suggesting a much wider pattern of compromise. While SolarWinds is not a household name, it works with many businesses and organizations that are. On Sunday evening, the Commerce Department acknowledged it had been hit by a data breach after Reuters first reported that sophisticated hackers compromised the agency through a third-party software vendor known as SolarWinds.
“On a scale of 1 to 10, I’m at a 9 - and it’s not because of what I know it’s because of what we still don’t know.”
“I woke up in the middle of the night last night just sick to my stomach,” said Theresa Payton, who served as White House Chief Information Officer under President George W. Investigators are still trying to figure out how much of the government may have been affected and how badly it may have been compromised.īut what little we know has cybersecurity experts extremely worried - with some describing the attack as a literal wakeup call. The US government is reeling from multiple data breaches at top federal agencies, the result of a worldwide hacking campaign with possible ties to Russia.
0 kommentar(er)
