[ad_1]
Ars Technica writes that 18,000 organizations could potentially be affected by the attack. This is because some group of state-funded programmers (two US senators, who have access to classified information indicate that the culprit is Russia in this case) have managed to take control of the software company SolarWinds. SolarWinds has developed the popular Orion network management tool, which is used by a large number of Internet infrastructure nodes.
Hackers who took control of SolarWinds tools “contaminated” the Orion update with their malicious code, which gives criminals open access to systems administration, and distributed it around the world. The update is estimated to have been downloaded by around 18,000 organizations, but a cybersecurity survey found that only a very small percentage of those businesses, institutions, and organizations – only about 0.2 percent. – received a “visit” from the criminals and the completion of the second phase of the cyber attack with the installation of an additional malware package.
Most of the targets in the second phase of the cyber attack were technology companies, government institutions and think tanks, and non-governmental organizations. The vast majority of those companies, institutions, and organizations were from the United States.
These figures were provided by Microsoft President Brad Smith in his analysis of the situation, who also shared some thoughts and comments on the scale and significance of this unprecedented attack. According to Smith, even those figures, 18,000, do not reveal the true scale of the attack, because Microsoft can only safely detect malicious access to the server confirmed by its Windows Defender applet, which is not installed on all computers in the world. On the other hand, the president of Microsoft ensures that he sees a lot of that software, so the numbers they provide can differ a lot.
The hacking campaign, which lasted for more than a month, was cleared up only after cybersecurity company FireEye itself admitted that its network had been hacked by state-controlled programmers. In their research, they found that the programmers were using a “back door” built into Orion software, and that such access was exploited to enter not only FireEye, but many more institutions as well, including US government agencies. More than a week after this hacking was discovered, more and more details about the incident and its potential impact are being collected and made public.
Hack SolarWinds internal networks and install “back doors” in 18 thousand. Servers around the world were only the first phase of a cyberattack aimed solely at gaining access to targets of interest. The main target of the entire operation, which lasted at least 9 months, and perhaps even longer, was the “cream”, the elite American organizations and institutions.
Targets injured in the SolarWinds attack include the US Department of Energy and the National Nuclear Security Administration, which manages US nuclear weapons stocks, according to Politico.
Microsoft’s analysis just shows exactly how those attacks were targeted: Although it was granted privileged access to monitor any of the 18,000 compromised servers, the programmers chose to ship an additional software package to just 40.
Smith acknowledged that all developed countries are involved in digital espionage operations, including hacking. But, he said, this time the borders were crossed: a state that violated established norms for selfish ends posed a serious threat to much of the world.
“It is critical to step back and assess the significance of these attacks in their overall context. This is not “normal espionage”, not even in the digital age. This is a reckless act that has created serious technology vulnerabilities in the United States and around the world. In essence, this is not an attack on specific targets, but rather an attack on the reliability and trust of the world’s critical infrastructure to achieve the objectives of a single state intelligence agency. While the recent attacks show a focus on targets in the United States and other democracies, they are also a very clear reminder that people in virtually every state are at risk and need protection no matter what their government is, “Smith said.
The Microsoft chairman also quoted Kevin Mandia, CEO of FireEye, as saying recently: “We are seeing an attack from a state with the highest level of offensive capabilities.”
“Because Microsoft cybersecurity experts are helping to respond to this attack, we have come to the same conclusion. Unfortunately, this attack is a large-scale spyware-type attack against sensitive US government information. And the technological tools that companies use to protect that information. The attack is still ongoing, and cybersecurity teams in the public and private sectors are actively analyzing and preventing it, including Microsoft experts. Because our teams act As first responders to this attack, ongoing research shows that this attack is exceptional in its scale, complexity, and impact – it turns out that the attack on SolarWinds is almost the most severe spyware hack in the last decade, if not ever. The performance and accuracy are astonishing. In explaining to those objective elite programmers in the next few weeks what the se In the second phase of the attack, this story is likely to be even more important, ”Smith said.
[ad_2]
