How will the government pull its cybersecurity trousers back up?

Rather than blowing up systems or stopping them with something as coarse as a denial of service attack, the Sunburst Trojan horse that infected the infamous SolarWinds Orion product was designed to not interfere with the systems of its ultimate victims in any way. As the Cybersecurity and Infrastructure Security Agency puts it, “This threat actor has the resources, patience, and expertise to gain access to and privileges over highly sensitive information if left unchecked. CISA urges organizations to prioritize measures to identify and address this threat.”

…FireEye provided the first and most concise description of what Sunburst can do: “After an initial dormant period of up to two weeks, it retrieves and executes commands, called “Jobs”, that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services.”

Sunburst operates with a great deal of subtlety to avoid detection…It can disable, but so far no federal agency has reported a stoppage. If I were the alleged Russian government or government-sponsored hackers, why would I disable a system that’s sluicing valuable information my way?

This is just a look-in from outside the federal chain of command. It may be stating the obvious from a geek perspective, but that’s a boatload more informative than the 1950s black-and-white movie we get from the Associated Press or the Trump PR Band-Aid.

2 thoughts on “How will the government pull its cybersecurity trousers back up?”

  1. Zero Trust says:

    Security firm Malwarebytes was infected by the same hackers who hit SolarWinds: nation-state-sponsored hackers who compromised a dozen or more US government agencies and private companies. https://arstechnica.com/information-technology/2021/01/security-firm-malwarebytes-was-infected-by-same-hackers-who-hit-solarwinds/
    Malwarebytes’ notice marks the fourth time a company has disclosed it was targeted by the SolarWinds hackers. Microsoft and security firms FireEye and CrowdStrike have also been targeted, although CrowdStrike has said the attempt to infect its network was unsuccessful. Government agencies reported to be affected include the Departments of Defense, Justice, Treasury, Commerce, and Homeland Security as well as the National Institutes of Health.

  2. Cassandra says:

    “Someone broke into the computer system of a water treatment plant in Florida and tried to poison drinking water for a Florida municipality’s roughly 15,000 residents, officials said on Monday.
    The intrusion occurred on Friday evening, when an unknown person remotely accessed the computer interface used to adjust the chemicals that treat drinking water for Oldsmar, a small city that’s about 16 miles northwest of Tampa. The intruder changed the level of sodium hydroxide to 11,100 parts per million, a significant increase from the normal amount of 100 ppm, Pinellas County Sheriff Bob Gualtieri said in a Monday morning press conference.”
    https://arstechnica.com/information-technology/2021/02/computer-intruder-tried-to-poison-drinking-water-for-a-small-florida-city/
