Friday, January 29, 2021

Many Russian Hack Victims had Not Installed SolarWinds

Investigators have revealed that the massive suspected Russian cyber attack that preyed on government agencies and blue-chip businesses may be far greater than first realized, as 30% of victims had not installed the software thought to have been used to carry out the "Pearl Harbor of hacks."

Brandon Wales, the Acting Director of the Cybersecurity and Infrastructure Security Agency, which is investigating the attack, said that 30% of the federal agencies and private firms breached had no direct connection to SolarWinds. Several victims had already fallen victim to an attack long before SolarWinds even deployed its network management software, Orion, which was corrupted by the highly sophisticated hackers.

Wales said there is evidence hackers used Microsoft's cloud software as a way into some systems, sparking fears that millions of individuals, businesses, and government agencies may have been vulnerable to the attack.

The attackers, which U.S. intelligence officials have since said were "likely" from Russia's SVR foreign intelligence service, used Orion as an open door to break into the computer systems of users. The attack began as far back as October 2019, leaving the hackers free rein to explore the networks of government agencies, private companies, and think tanks for months.

Wales said investigators have concrete evidence that the hackers broke in using other systems besides SolarWinds, gaining access to their targets in a variety of ways. "This adversary has been creative," he said. "It is absolutely correct that this campaign should not be thought of as the SolarWinds campaign." Instead, Wales said, the hackers exploited known bugs in software products, guessed passwords, and took advantage of issues in the configuration of Microsoft's cloud software. Once inside a cloud-computing account, the attackers were then able to leapfrog to other accounts and trick systems into granting them access to emails and documents in the cloud.

Last week, the cyber security firm Malwarebytes said it had been hacked and revealed that it does not use any SolarWinds software. The firm said the hackers had instead broken into its internal emails by abusing access to Microsoft Office 365 and Azure software.

Another security firm, CrowdStrike, which is also not a SolarWinds customer, said hackers had tried unsuccessfully to access its email through a Microsoft reseller.

John Lambert, the manager of Microsoft's Threat Intelligence Center, said, "This is certainly one of the most sophisticated actors that we have ever tracked in terms of their approach, their discipline and range of techniques that they have." So far, investigators have not identified any cloud software other than Microsoft's targeted in the attack, or any tech company other than SolarWinds used to infiltrate other systems. Microsoft announced at the end of December that the perpetrators behind the massive cyber attack had broken into its own internal network and accessed some of its source code.

Source code, the underlying set of instructions that run a piece of software or an operating system, is typically among a technology company's most closely guarded secrets.

The revelation also went beyond previous announcements that Microsoft had merely detected malicious SolarWinds software in its systems and removed it. However, the company did say at the time that it had found no evidence that the hackers had accessed its production services or customer data, or that its systems were used to attack others.

At present, the true scope of the breach is still not fully known, but Wales said it was "substantially more significant" than the Cloud Hopper attack, in which eight of the world's biggest technology service providers were hacked by Chinese spies.

Wales said the probe continues to show the hack was intended to enable spies to carry out long-term intelligence collection. "When you compromise an agency's authentication infrastructure, there is a lot of damage you could do," he said.

Last month, intelligence officials said an estimated 18,000 organizations were affected by malicious code that piggybacked on the SolarWinds software. Of those customers, though, a much smaller number has been compromised by follow-on activity on their systems.

So far, investigators have found fewer than 10 U.S. government agencies whose systems were compromised.

The Cybersecurity and Infrastructure Security Agency (CISA) has not disclosed which agencies were affected, but some have admitted they were targets, including the State Department, the Commerce Department, the Treasury, Homeland Security, the Defense Department, and the National Institutes of Health.

Meanwhile, Wales said the number of private-sector firms so far identified as victims was well under 100.

NYC Wins When Everyone Can Vote! Michael H. Drucker
