WASHINGTON DC: A devastating cyberattack against US government agencies has also hit targets around the world, and the list of victims continues to grow, according to researchers, increasing fears about cybersecurity and espionage.
Microsoft said late on December 17 that it had notified more than 40 customers affected by the malware, which security experts say came from hackers linked to the Russian government and could give attackers unrestricted access to networks.
“While approximately 80 percent of these customers are in the United States, this work so far has also identified victims in seven additional countries,” Microsoft President Brad Smith said in a blog post.
Smith said the victims were also found in Belgium, Great Britain, Canada, Israel, Mexico, Spain and the United Arab Emirates.
“It is certain that the number and location of victims will continue to grow,” Smith said, echoing concerns expressed this week by US officials about the serious threat of the attack.
“This is not ‘spy business as usual’, even in the digital age,” Smith said.
“Instead, it represents an act of recklessness that created serious technological vulnerability for the United States and the world.”
John Dickson of security company Denim Group said that many potentially vulnerable private sector companies are struggling to harden security, even to the point of considering rebuilding servers and other equipment.
“Everybody is in damage assessment now because it’s so big,” Dickson said. “It is a severe blow to confidence in both the government and critical infrastructure.”
The threat comes from a long-running attack that is believed to have injected malware into computer networks through enterprise network management software made by Texas-based IT company SolarWinds, and that bears the hallmarks of a nation-state attack.
James Lewis, vice president of the Center for Strategic and International Studies, said the attack could end up being the worst to hit the United States, overshadowing the 2014 hack of US government personnel records in an alleged Chinese infiltration.
“The scale is overwhelming. We don’t know what has been taken, so that’s one of the forensic jobs,” Lewis said.
“We also don’t know what has been left behind. The normal practice is to leave something behind so that they can re-enter in the future.”
NSA Warning
The United States National Security Agency called for increased vigilance to prevent unauthorized access to key military and civilian systems.
Analysts have said that the attacks pose a threat to national security by infiltrating key government systems, while also creating risks to controls of key infrastructure systems, such as power grids and other utilities.
The US Cybersecurity and Infrastructure Security Agency (CISA) said government agencies, critical infrastructure entities and private sector organizations had been targeted by what it called an “advanced persistent threat actor.”
CISA did not identify who was behind the malware attack, but private security companies pointed the finger at hackers linked to the Russian government.
US Secretary of State Mike Pompeo also suggested Moscow’s involvement on December 14, saying the Russian government had made repeated attempts to breach US government networks.
President-elect Joe Biden expressed “great concern” over the computer breach, while Republican Senator Mitt Romney blamed Russia and criticized what he called “inexcusable silence” from the White House.
Romney compared the cyberattack to a situation where “Russian bombers have repeatedly been flying undetected over our entire country.”
CISA said the computer intrusions began at least as early as March this year, and the actor behind them had “demonstrated patience, operational security and complex business skill.”
“This threat presents a serious risk,” CISA said on December 17, adding that it “expects that removing this threat actor from compromised environments will be very complex and challenging for organizations.”
The hackers reportedly installed malware into software used by the United States Department of the Treasury and the Department of Commerce, allowing them to view internal email traffic.
The Department of Energy, which manages the government’s nuclear arsenal, confirmed that it had also been affected by the malware, but had disconnected the affected systems from its network.
“At this point, the investigation has found that the malware has been isolated only on commercial networks and has not affected the essential national security functions of the department’s mission, including the National Nuclear Security Administration,” said agency spokeswoman Shaylyn Hynes.
SolarWinds said that up to 18,000 customers, including government agencies and Fortune 500 companies, had downloaded compromised software updates, allowing hackers to spy on email exchanges.
Russia has denied any involvement. – AFP