US federal agencies announce data breach

We mentioned recently the acknowledged importance of cybersecurity in the realm of finance and national security.  Now those attitudes will once more be put to the test.

The breaking story this week, of course, is how hackers breached the US Treasury and Commerce departments through an IT security vendor called SolarWinds.  The scope of SolarWinds’ client base is monumental: US Fortune 500 companies, all 10 of the major telecom services, every military branch and numerous government agencies all the way up to the White House, as well as hundreds of universities around the world.  In all, over 300,000 customers rely on SolarWinds in their data protection strategies.

Unfortunately, this means that when hackers compromised the vendor’s Orion software with malicious code, and were then able to leverage that foothold to obtain higher-privileged login credentials, they potentially gained access to a mammoth prize.  Once inside, they could forge credentials of their own that the system would accept as legitimate, leaving the door open for future subterfuge.  So, says security researcher Brian Krebs, while these two departments might be in the news first, we should expect more to follow.

According to the initial Reuters report, the hackers in this case are believed to be bad actors backed by the Russian government.  A connection has also been inferred between this incident and the recent hack of FireEye, itself a SolarWinds customer.  That company has described how compromised SolarWinds updates led to its own proprietary tools being exposed.  As just one of SolarWinds’ many customers, FireEye’s security breach was apparently the first domino.  Now we see the second and third, striking deeper at the heart of national infrastructure.

The irony here is that SolarWinds’ own policy may have been responsible for the vulnerability.  A company advisory warns that antivirus scans and other restrictions may prevent SolarWinds products from working correctly, and recommends that customers configure exemptions for them.  If that didn’t raise a few eyebrows on any IT teams reading that notice, I don’t know what will.

Since the intruders were able to spy on email at the two organizations involved, questions of national security will no doubt be raised.  Already the Department of Homeland Security has instructed all federal agencies to disconnect whatever Orion software they were running on their networks.  The rarity of such a move shows how seriously the breach is being taken.  In recent months there have been reports of multiple bad actors attempting intrusions aimed at COVID vaccine research.  This breach represents just the latest in a complex pattern of cyber warfare targeting entities where they are most vulnerable.  If it can happen to these agencies, it can happen anywhere, so stay alert.


By: Jonathan Weicher, post on December 16, 2020
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security