How will the government pull its cybersecurity trousers back up?

Rather than blowing up systems or stopping them with something as coarse as a denial of service attack, the Sunburst Trojan horse that infected the infamous SolarWinds Orion product was designed to not interfere with the systems of its ultimate victims in any way. As the Cybersecurity and Infrastructure Security Agency puts it, “This threat actor has the resources, patience, and expertise to gain access to and privileges over highly sensitive information if left unchecked. CISA urges organizations to prioritize measures to identify and address this threat.”

…FireEye provided the first and most concise description of what Sunburst can do: “After an initial dormant period of up to two weeks, it retrieves and executes commands, called “Jobs”, that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services.”

Sunburst operates with a great deal of subtlety to avoid detection…It can disable, but so far no federal agency has reported a stoppage. If I were the alleged Russian government or government-sponsored hackers, why would I disable a system that’s sluicing valuable information my way?

This is just a look-in from outside the federal chain of command. It may be stating the obvious from a geek perspective; but, that’s a boatload more informative than the 1950’s black-and-white movie we get from the Associated Press or the Trump PR Band-Aid.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.