How will the government pull its cybersecurity trousers back up?

Rather than blowing up systems or stopping them with something as coarse as a denial of service attack, the Sunburst Trojan horse that infected the infamous SolarWinds Orion product was designed to not interfere with the systems of its ultimate victims in any way. As the Cybersecurity and Infrastructure Security Agency puts it, “This threat actor has the resources, patience, and expertise to gain access to and privileges over highly sensitive information if left unchecked. CISA urges organizations to prioritize measures to identify and address this threat.”

…FireEye provided the first and most concise description of what Sunburst can do: “After an initial dormant period of up to two weeks, it retrieves and executes commands, called “Jobs”, that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services.”

Sunburst operates with a great deal of subtlety to avoid detection… It can disable system services, but so far no federal agency has reported a stoppage. If I were the alleged Russian government or government-sponsored hackers, why would I disable a system that’s sluicing valuable information my way?

This is just a look-in from outside the federal chain of command. It may be stating the obvious from a geek perspective, but that’s a boatload more informative than the 1950s black-and-white movie we get from the Associated Press or the Trump PR Band-Aid.

6 thoughts on “How will the government pull its cybersecurity trousers back up?”

  1. Zero Trust says:

    Security firm Malwarebytes was infected by same hackers who hit SolarWinds: Group backed by nation-state-sponsored hackers who compromised a dozen or more US government agencies and private companies. https://arstechnica.com/information-technology/2021/01/security-firm-malwarebytes-was-infected-by-same-hackers-who-hit-solarwinds/
    Malwarebytes’ notice marks the fourth time a company has disclosed it was targeted by the SolarWinds hackers. Microsoft and security firms FireEye and CrowdStrike have also been targeted, although CrowdStrike has said the attempt to infect its network was unsuccessful. Government agencies reported to be affected include the Departments of Defense, Justice, Treasury, Commerce, and Homeland Security as well as the National Institutes of Health.

  2. Cassandra says:

    “Someone broke into the computer system of a water treatment plant in Florida and tried to poison drinking water for a Florida municipality’s roughly 15,000 residents, officials said on Monday.
    The intrusion occurred on Friday evening, when an unknown person remotely accessed the computer interface used to adjust the chemicals that treat drinking water for Oldsmar, a small city that’s about 16 miles northwest of Tampa. The intruder changed the level of sodium hydroxide to 11,100 parts per million, a significant increase from the normal amount of 100 ppm, Pinellas County Sheriff Bob Gualtieri said in a Monday morning press conference.”
    https://arstechnica.com/information-technology/2021/02/computer-intruder-tried-to-poison-drinking-water-for-a-small-florida-city/

  3. n00b says:

    White House press release: “Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Networks” (May 12, 2021) https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/12/fact-sheet-president-signs-executive-order-charting-new-course-to-improve-the-nations-cybersecurity-and-protect-federal-government-networks/
    “The Full Story of the Stunning RSA Hack Can Finally Be Told: In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.” https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/

  4. Ok then... says:

    “The Russian hackers who breached SolarWinds IT management software to compromise a slew of United States government agencies and businesses are back in the limelight. Microsoft said on Thursday that the same “Nobelium” spy group has built out an aggressive phishing campaign since January of this year and ramped it up significantly this week, targeting roughly 3,000 individuals at more than 150 organizations in 24 countries.” https://arstechnica.com/gadgets/2021/05/the-solarwinds-hackers-arent-back-they-never-went-away/

  5. p/s says:

    “Russian criminal gang probably hacked meat supplier JBS, says White House”
    https://www.ft.com/content/00eca8fc-4278-4c98-ace3-5967fe3bbd11
    A cyberattack on JBS SA, the largest meat producer globally, forced the shutdown of all its U.S. beef plants, wiping out output from facilities that supply almost a quarter of American supplies. The prospect of more extensive shutdowns worldwide is already upending agricultural markets and raising concerns about food security as hackers increasingly target critical infrastructure. Livestock futures slumped, while pork prices rose. https://www.bloomberg.com/news/articles/2021-05-31/meat-is-latest-cyber-victim-as-hackers-hit-top-supplier-jbs
