SolarWinds hack targeted nearly 2 dozen federal prosecutors offices, including some of the most influential in the country like the Eastern District of New York

  • The emails of federal prosecutors’ offices around the country were hacked by Russian intelligence during the SolarWinds cyber attack.
  • The Russian hackers had access to the emails of federal prosecutors in New York, California, DC and other jurisdictions from May to December 2020.
  • The Justice Department released the update to “increase transparency” with the public as it continues to investigate the hacking.

Federal US prosecutors were among targets of the Russian hackers behind the 2020 SolarWinds cyber attack, the Justice Department said on Friday.

According to the update, the SolarWinds hackers breached the Department’s Microsoft O365 email accounts, which included the mailboxes of federal prosecutors from New York, Los Angeles, and prominent offices in 13 other states.

At least one employee email at each of the affected district offices was hacked, and at least 80% of employees in the four major US attorneys’ New York district offices — the Eastern, Southern, Western and Northern — had their accounts hacked, the DOJ said. Hackers gained access to all sent, received, and stored emails and attachments in those accounts, though it is unclear which information the hackers took.

“New York is the financial center of the world and those districts are particularly well known for investigating and prosecuting white-collar crimes and other cases, including investigating people close to the former president,” Bruce Green, a Fordham Law School professor, told the Associated Press.

US federal investigators said Russia’s Foreign Intelligence Service (SVR) was responsible for inserting malicious code into SolarWinds’ Orion software in 2020. The US information technology firm has more than 300,000 clients, including US government agencies and the vast majority of Fortune 500 companies.

The group is believed to have had access to the emails from May to December of last year.

After learning these accounts were hacked, the Department’s Office of the Chief Information Officer cut off the channel the hackers used to the Microsoft Office accounts, notified the affected parties and the public, and is continuing to monitor the security risks associated with the hack.

The Justice Department released the update to “encourage transparency and strengthen homeland resilience,” and so that others can “use that information to prepare themselves for the next threat,” the updated statement said.

The US Department of Justice could not be reached at the time of publication.

Read the original article on Business Insider

China hacked an internet security tool to target Verizon and Southern California’s water supplier, among others

  • China hacked into Pulse Connect Secure, which provides internet security for Verizon, among others.
  • Sophisticated hackers were able to exploit never-before-seen vulnerabilities.
  • It’s unclear what, if any, sensitive information the hackers were able to obtain.

RICHMOND, Va. (AP) – A cyberespionage campaign blamed on China was more sweeping than previously known, with suspected state-backed hackers exploiting a device meant to boost internet security to penetrate the computers of critical US entities.

The hack of Pulse Connect Secure networking devices came to light in April, but its scope is only now starting to become clear. The Associated Press has learned that the hackers targeted telecommunications giant Verizon and the Metropolitan Water District of Southern California, the country’s largest water agency. News broke earlier this month that the New York City subway system, the country’s largest, was also breached.

Security researchers say dozens of other high-value entities that have not yet been named were also targeted as part of the breach of Pulse Secure, which is used by many companies and governments for secure remote access to their networks.

It’s unclear what sensitive information, if any, was accessed. Some of the targets said they did not see any evidence of data being stolen. That uncertainty is common in cyberespionage and it can take months to determine data loss, if it is ever discovered. Ivanti, the Utah-based owner of Pulse Connect Secure, declined to comment on which customers were affected.

But even if sensitive information wasn’t compromised, experts say it is worrisome that hackers managed to gain footholds in networks of critical organizations whose secrets could be of interest to China for commercial and national security reasons.

“The threat actors were able to get access to some really high-profile organizations, some really well-protected ones,” said Charles Carmakal, the chief technology officer of Mandiant, whose company first publicized the hacking campaign in April.

The Pulse Secure hack has largely gone unnoticed while a series of headline-grabbing ransomware attacks have highlighted the cyber vulnerabilities to US critical infrastructure, including one on a major fuels pipeline that prompted widespread shortages at gas stations. The US government is also still investigating the fallout of the SolarWinds hacking campaign launched by Russian cyber spies, which infiltrated dozens of private sector companies and think tanks as well as at least nine US government agencies and went on for most of 2020.

The Chinese government has denied any role in the Pulse hacking campaign and the US government has not made any formal attribution.

In the Pulse campaign, security experts said sophisticated hackers exploited never-before-seen vulnerabilities to break in and were hyper-diligent in trying to cover their tracks once inside.

“The capability is very strong and difficult to defend against, and the profile of victims is very significant,” said Adrian Nish, the head of cyber at BAE Systems Applied Intelligence. “This is a very targeted attack against a few dozen networks that all have national significance in one way or another.”

The Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency, or CISA, issued an April alert about the Pulse hack saying it was aware of “compromises affecting a number of US government agencies, critical infrastructure entities, and other private sector organizations.” The agency has since said that at least five federal agencies have identified indications of potential unauthorized access, but it has not said which ones.

Verizon said it found a Pulse-related compromise in one of its labs but it was quickly isolated from its core networks. The company said no data or customer information was accessed or stolen.

“We know that bad actors try to compromise our systems,” said Verizon spokesman Rich Young. “That is why internet operators, private companies, and all individuals need to be vigilant in this space.”

The Metropolitan Water District of Southern California, which provides water to 19 million people and operates some of the largest treatment plants in the world, said it found a compromised Pulse Secure appliance after CISA issued its alert in April. Spokeswoman Rebecca Kimitch said the appliance was immediately removed from service and no Metropolitan systems or processes were known to have been affected. She said there was “no known data exfiltration.”

The Metropolitan Transportation Authority in New York also said it has not found evidence that valuable data or customer information was stolen. The breach was first reported by The New York Times.

Mandiant said it found signs of data extraction from some of the targets. The company and BAE have identified targets of the hacking campaign in several fields, including financial, technology and defense firms, as well as municipal governments. Some targets were in Europe, but most in the US.

The new details of the Pulse Secure hack come at a time of tension between the US and China. Biden has made checking China’s growth a top priority, and said the country’s ambition of becoming the wealthiest and most powerful country in the world is “not going to happen under my watch.”


Russia’s intelligence chief suggested without evidence that the US and UK orchestrated the SolarWinds hack that breached US government agencies

SVR chief Sergei Naryshkin speaking to the BBC.

  • US intelligence agencies suspect Russia is behind the SolarWinds hack on federal agencies last year.
  • But on Monday, Russia’s head of foreign intelligence suggested the UK and US itself might have been behind it.
  • Sergei Naryshkin didn’t give evidence or explain why the US would hack its own agencies.

The head of Russia’s foreign intelligence service (SVR) suggested without evidence that the US and UK were actually behind last year’s SolarWinds hack, which compromised US government agencies and major companies for months.

In January, US intelligence agencies said that the cyberattack was likely Russian in origin, and President Joe Biden’s administration in April imposed new sanctions on Russia, citing the hack as a reason. Russia has denied any involvement in the hack.

Speaking to the BBC, SVR chief Sergei Naryshkin repeated the denial, saying: “These claims are like a bad crime novel.”

Instead, he suggested that a US-UK partnership was capable of carrying out the attack, citing 2013 reporting based on the leaks made by the National Security Agency whistleblower Edward Snowden.

That year, The Guardian published details of secret documents outlining how the NSA and its British counterpart GCHQ collaborated with tech companies to insert secret vulnerabilities into encryption software. This gave them the ability to crack much of the encryption used for personal data such as emails and online transactions, the report said.

The revelation caused international scandal, prompting then-President Barack Obama to say that the NSA was not “rifling through” ordinary people’s emails, as The Guardian reported at the time.

Speaking of the SolarWinds hack, Naryshkin told the BBC: “I don’t want to assert that this cyberattack was carried out by a US agency, but the tactics are similar.” He did not elaborate on how or why the US would hack into its own agencies.

Russian President Vladimir Putin in 2012.

Naryshkin said that all the accusations made against Russian intelligence agencies – “cyber attacks, poisonings, hacks, interference in elections” – were “absurd” and “pathetic.”

Russia has been accused of an array of intelligence-led attacks on foreign soil in recent years, from the 2018 poisoning of the former agent Sergei Skripal in England to attempts to influence the 2016 US presidential election.

“Regarding these accusations that have been leveled against us publicly … Russia is not involved,” Naryshkin said, echoing past denials from Russian officials.

Experts are still unraveling the impact of the SolarWinds hack and may never get a full assessment, as Insider’s Kelsey Vlamis reported.

The software firm, used by hundreds of companies and top government agencies, was targeted by hackers who inserted malicious code into its systems. Any client who updated their software between March and June ended up with a backdoor into their system, which hackers could exploit.

The FBI, NSA, Cybersecurity and Infrastructure Security Agency, and the Director of National Intelligence said in a joint January statement that the hack was likely intelligence-related when they pointed the finger at Russia.

“An Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” the agencies said.


Ransomware attacks hit ‘under-resourced’ city governments hardest, says cybersecurity expert whose kids’ school was shut down by hackers for 4 days

Trucks line up at a Colonial Pipeline facility.

  • Friday’s DarkSide attack took down a major oil pipeline that supplies the US East Coast.
  • A cybersecurity expert said such ransomware attacks tend to target municipal governments.
  • The expert’s kids were out of school for four days last year after Baltimore’s school system was hacked.

The hacking of a major US oil pipeline Friday is the latest in a string of cyberattacks under federal investigation.

The stories read like movie loglines: A reportedly Russia-backed group slowly burrowed its way into US digital infrastructure, gaining access to important government accounts. An unknown cyber-assailant tried to poison a Florida town’s water supply. And now, a group of veteran cybercriminals took down an East Coast oil pipeline and held it ransom.

Ransomware attacks are common and are the cyberattack with the most potential to wreak havoc on everyday life, according to Ben Miller, an executive at the industrial cybersecurity firm Dragos Inc.

Miller had firsthand experience with a ransomware attack in November, when hackers took over Baltimore’s school system and forced it to shut down for four days.

“My kids didn’t have any snow days this year because they had school from home,” Miller told Insider. “They had ransomware days.”

There are two major types of cyberattacks, according to Miller. The first is attacks like the one on US information technology firm SolarWinds, which US intelligence agencies say Russia was behind, that seek some kind of geopolitical advantage. The second is smaller-scale ransomware, where normally private actors, who may or may not operate with tacit government permission, go after companies and other institutions and then extort them to ease up on the attack.

The DarkSide attack against the Colonial Pipeline was a ransomware attack. The hacking group shut down a major pipeline that runs from Texas to New York, demanding money in order to restore its service in what Miller said was an example of how cyberattacks are increasingly affecting the “real world.”

Some of the most common targets of ransomware are municipal governments that are “under-resourced and under-managed” when it comes to cybersecurity, Miller said. Several other school systems in the US were hit by ransomware attacks in the past year. In April, the Justice Department announced a new task force to address ransomware attacks across the US.

Ransomware gangs also go after hospitals, as in the 2017 WannaCry attack that shut down parts of Britain’s National Health Service.

The hackers typically want to cause as much pain as possible so that they can get paid quickly, Miller said, making critical infrastructure an appealing target.

“When they can have a direct impact on their business – like shutting down a pipeline or impact to some facility – it does ring a chord with the victims and how they respond to that,” Miller said.

Miller said cyberattacks are so commonly directed at US companies because they’re wealthy enough to pay off ransomware attackers. Ransomware hacking groups view themselves as businesses, he said, and target companies and institutions in countries where they’re likely to make money: The United States, Britain, and Germany.

“The industry in the US would be more likely to pay an extortion of a couple of hundred thousand dollars or whatever,” Miller said. “Not to say that they should, or do – but they’re perceived that way, compared to firms in South America or Africa where that would literally, in many cases, put these firms out of business.”


The US is readying sanctions against Russia over the SolarWinds cyber attack. Here’s a simple explanation of how the massive hack happened and why it’s such a big deal

SolarWinds Corp. banner hangs at the New York Stock Exchange (NYSE) on the IPO day of the company in New York.

  • SolarWinds was the subject of a massive cybersecurity attack that spread to the company’s clients.
  • Major firms like Microsoft and top government agencies were attacked, and sensitive data was exposed.
  • Here’s a simple explanation of what happened and why it’s important.

SolarWinds, a major US information technology firm, was the subject of a cyberattack that spread to its clients and went undetected for months, Reuters first reported in December. Foreign hackers, who some top US officials believe are from Russia, were able to use the hack to spy on private companies like the elite cybersecurity firm FireEye and the upper echelons of the US Government, including the Department of Homeland Security and Treasury Department.

On Thursday, it was reported that the US government was ready to impose sanctions on about a dozen Russian intelligence officials over their alleged role in interfering with the 2020 presidential election as well as the SolarWinds attack.

Here’s a simple explanation of how the massive breach happened, and why it matters.

An unusual hack

In early 2020, hackers secretly broke into Texas-based SolarWinds’ systems and added malicious code into the company’s software system. The system, called “Orion,” is widely used by companies to manage IT resources. SolarWinds has 33,000 customers that use Orion, according to SEC documents.

Most software providers regularly send out updates to their systems, whether it’s fixing a bug or adding new features. SolarWinds is no exception. Beginning as early as March of 2020, SolarWinds unwittingly sent out software updates to its customers that included the hacked code.

The code created a backdoor into customers’ information technology systems, which hackers then used to install even more malware that helped them spy on companies and organizations.

The victims

SolarWinds told the SEC that up to 18,000 of its customers installed updates that left them vulnerable to hackers. Since SolarWinds has many high-profile clients, including Fortune 500 companies and multiple agencies in the US government, the breach could be massive. Microsoft president Brad Smith said in a February congressional hearing that more than 80% of the victims targeted were nongovernment organizations.


US agencies – including parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury – were attacked. So were private companies, like Microsoft, Cisco, Intel, and Deloitte, and other organizations like the California Department of State Hospitals, and Kent State University, the Wall Street Journal reported.

And since the hack was done so stealthily, and went undetected for months, security experts say that some victims may never know if they were hacked or not, the Wall Street Journal reported.

At the Treasury Department, hackers broke into dozens of email accounts and networks in the Departmental Offices of the Treasury, “home to the department’s highest-ranking officials,” Sen. Ron Wyden said. The IRS hasn’t found any evidence of being compromised, he added. Treasury Secretary Steven Mnuchin said on CNBC that the hackers have only accessed unclassified information, but the department is still investigating the extent of the breach.


Who did it?

Federal investigators and cybersecurity experts say that Russia’s Foreign Intelligence Service, known as the SVR, is probably responsible for the attack. Russian intelligence was also credited with breaking into the email servers of the White House, the State Department, and the Joint Chiefs of Staff in 2014 and 2015. Later, the same group attacked the Democratic National Committee and members of the Hillary Clinton presidential campaign.

Russia has denied any involvement with the breach and former President Donald Trump had suggested, without evidence, that Chinese hackers may be the culprits. But the Biden White House has said it may respond to the cyberattack in the coming weeks, which could include actions against the Russian government.

Microsoft’s Smith said during the February hearing that he believes Russia is behind the attack, and FireEye CEO Kevin Mandia said based on his company’s forensic analysis, the evidence is “most consistent with espionage and behaviors we’ve seen out of Russia.” However, the execs noted that the full extent of the attack is still unfolding.


Why it matters

Now that multiple networks have been penetrated, it’s expensive and very difficult to secure systems. Tom Bossert, President Trump’s former homeland security officer, said that it could be years before the networks are secure again. With access to government networks, hackers could, “destroy or alter data, and impersonate legitimate people,” Bossert wrote in an Op-Ed for the New York Times.

Not only is the breach one of the largest in recent memory, but it also comes as a wake-up call for federal cybersecurity efforts. The US Cyber Command, which receives billions of dollars in funding and is tasked with protecting American networks, was “blindsided” by the attack, the New York Times reported. Instead, a private cybersecurity firm called FireEye was the first to notice the breach when it noticed that its own systems were hacked.

FireEye CEO Kevin Mandia testified in February after the US Senate summoned SolarWinds, Microsoft, and CrowdStrike to a series of hearings over the sweeping breach.

The hack could accelerate broad changes in the cybersecurity industry. Companies are turning to a new approach of assuming that breaches have already occurred, rather than merely reacting to attacks after they are found, Business Insider previously reported. And the US government may reorganize its cybersecurity efforts by making the Cyber Command independent from the National Security Agency, the Associated Press reported.

The attack may also lead to a strengthened relationship between the US government and the cybersecurity industry, with the private sector helping federal officials fight off nation-state attacks and foreign bad actors in the future, as Insider reported.


Biden administration sets the stage for retaliation against Russia over SolarWinds, election interference: report

President Joe Biden

  • The Biden administration finished an intelligence report on alleged Russian meddling, Bloomberg reported.
  • The review could lead to retaliatory action against Russia over the SolarWinds hack and election interference, according to the report.
  • Last month, Biden announced sanctions against Russian officials over the treatment of Putin critic Alexei Navalny.

The Biden administration completed an intelligence review of alleged Russian meddling in the SolarWinds cybersecurity attack and interference in US elections, Bloomberg reported Wednesday.

The review could set the stage for possible retaliatory actions like enacting sanctions or expulsion of Russian intel officers in the US, three people familiar with the matter told Bloomberg.

Now that the intelligence review is complete, the US could respond by “singling out people close to Russian President Vladimir Putin as well as agencies linked to election interference,” Bloomberg reported.

In January, a joint US intelligence task force issued a rare initial public statement on the SolarWinds hack saying it was “likely Russian in nature,” Insider’s Azmi Haroun reported.

Last month, a declassified report from the Office of the Director of National Intelligence said Russia was among the countries that authorized covert influence operations aimed at altering the outcome of the 2020 election, which ended up being unsuccessful, according to Insider’s Sonam Sheth.

Representatives from the White House did not immediately respond to Insider’s request for comment. A spokesperson for the State Department declined to comment.

White House Press Secretary Jen Psaki confirmed the review in a press briefing on January 21, saying it was intended “to hold Russia to account for its reckless and adversarial actions.”

“And to this end, the President is also issuing a tasking to the intelligence community for its full assessment of the SolarWinds cyber breach, Russian interference in the 2020 election, its use of chemical weapons against opposition leader Alexei Navalny, and the alleged bounties on US soldiers in Afghanistan,” Psaki said during the press briefing.

The news of the review comes after President Joe Biden announced sanctions against Russian officials last month over the arrest and alleged poisoning of Putin critic Alexei Navalny; the administration has not yet acted on the other three areas Psaki mentioned in January.


The US Senate is grilling Microsoft and SolarWinds over last year’s historic cyberattack

SolarWinds Corp. banner hangs at the New York Stock Exchange (NYSE) on the IPO day of the company in New York.

  • US Senators are questioning the tech firms involved in last year’s sweeping cyberattack.
  • SolarWinds, Microsoft, FireEye, and CrowdStrike are all testifying in the Tuesday hearing.
  • Hackers installed malware into SolarWinds’ software, which was then distributed to the firm’s clients.

The US Senate is questioning the chief executives of SolarWinds and other tech firms in a hearing Tuesday after unknown attackers, with suspected links to Russia, infiltrated the company’s software last year, compromising thousands of organizations including major federal agencies.

SolarWinds is joined in the hearing by FireEye, the cybersecurity firm that first discovered the malware in December, as well as Microsoft, whose president, Brad Smith, is present at the proceedings. CrowdStrike CEO George Kurtz will also testify; his cybersecurity firm was apparently able to stave off the hackers.

The cyberattack began in March of last year and went undetected for months. SolarWinds told the SEC that about 18,000 of its 300,000 clients were targeted in the attack. High-level government data was left exposed – the Trump administration confirmed in December that hackers had indeed infiltrated key networks, including the US Treasury and the Commerce Department. 


Fortune 500 companies – including Microsoft, AT&T, and McDonald’s – were among SolarWinds’ vulnerable customer base. Microsoft has said its products, including its Office 365 suite and Azure cloud, were not used in the hack, but they were targeted, with the attackers making off with some of its source code. And FireEye researchers say the hackers appear to be able to send emails and access calendars on Microsoft’s 365 suite.


The White House has said it may respond to the SolarWinds hacks in a matter of weeks, which could include sanctions against the Russian government.

As Insider reported, Tuesday’s hearing will be a pivotal moment in the relationship between the US government and the cybersecurity world, namely how the industry can help federal officials stave off nation-state attacks in the future.


Chairman Mark Warner said the committee invited Amazon to attend the hearing but the company declined

Sen. Warner kicked off the hearing and noted that Amazon declined the Senate’s invitation to testify in Tuesday’s hearing. Sen. Marco Rubio also touched on the company’s lack of participation and said, “it would be most helpful in the future if they actually attended these hearings.” Amazon did not immediately respond to Insider’s request for comment.

Microsoft president Brad Smith said the attack’s full scope is still unfolding

In his opening statement, Smith said there’s much that we still don’t know regarding the extent of the cyberattack and that there must be reform to the relationship between Silicon Valley’s cybersecurity arm and the federal government. He also said he believes that Russia is behind the attack.

FireEye CEO Kevin Mandia used his opening statement to describe the attack as “exceptionally hard to detect” and later said that this was a planned hack. “The question is where’s the next one? And where are we going to find it?” Mandia said.

Microsoft’s Smith believes all the evidence points to Russia

Smith said earlier that “at this stage we’ve seen substantial evidence that points to the Russian foreign embassy and we’ve seen no evidence that points to anyone else.”

Mandia and CrowdStrike CEO George Kurtz agreed that the attacker was a nation-state actor. However, neither confirmed who they thought was exactly behind it. Mandia did say that his company analyzed forensics and found that it’s “most consistent with espionage and behaviors we’ve seen out of Russia.”


A Biden official says the White House’s response to the SolarWinds attack may come within weeks

President Joe Biden

  • The Biden administration may respond to the SolarWinds attack within weeks.
  • National security advisor Jake Sullivan said the administration is considering new sanctions.
  • You “will be hearing about this in short order,” Sullivan said on CNN on Friday.

The White House may respond to the SolarWinds hacks within weeks, a senior administration official said on CNN.

Jake Sullivan, national security advisor, told CNN’s Christiane Amanpour that President Joe Biden’s administration may respond “weeks from now.” Sullivan said it would consider new sanctions, as one of a “broad range of responses.” 

SolarWinds, an IT firm providing software to the US government, was the target of a massive cybersecurity attack discovered late last year. The breach, which included systems at the US Treasury Dept. and Homeland Security, had gone undetected for months. 

In January, a joint US intelligence task force issued a statement saying the hack was “likely Russian in nature.”

“We believe we can go further than that,” Sullivan said on Friday.

He added: “We are in the process of working through, with the intelligence community, and his national security team, a series of steps to respond to SolarWinds, including steps that will hold who we believe is responsible for this accountable, and you will be hearing about this in short order.”

On Wednesday, Anne Neuberger, deputy national security advisor for cyber and emerging technology, said the US intelligence community is still “looking at who is responsible,” but that it was likely of Russian origin. 

She said at least nine federal agencies and 100 private companies were compromised. She added that the response might be “several months” away, a longer timeline than Sullivan gave. 

“The hackers launched the hack from inside the United States, which further made it difficult for the US government to observe their activity. Even within federal networks, a culture and authorities inhibit visibility, which is something we need to address,” said Neuberger in the White House Briefing Room.  

The government’s response so far has focused on removing the hackers, improving cybersecurity, and considering how to respond, she said. 

Read the original article on Business Insider

Cybersecurity firm Malwarebytes was hacked by ‘Dark Halo,’ the same group that breached SolarWinds last year

  • SolarWinds hackers attacked cybersecurity firm Malwarebytes, ZDNet reported. 
  • The company’s software remains “safe to use,” the CEO said.
  • Malwarebytes adds to a growing list of firms attacked by the SolarWinds hackers.

The same group that breached IT software company SolarWinds last year has hacked cybersecurity firm Malwarebytes, ZDNet reported, adding to the growing list of major security firms targeted by the group.

Malwarebytes said hackers used a weakness in Azure Active Directory and malicious Office 365 applications to breach the company’s internal systems, according to ZDNet. The company said the situation was not related to the SolarWinds breach, as Malwarebytes doesn’t use any of SolarWinds’ systems.

The SolarWinds hack last year was a “supply chain attack” that led to breaches at US government agencies and other businesses. SolarWinds, FireEye, Microsoft, CrowdStrike and now Malwarebytes have all been targeted by UNC2452/Dark Halo, a group US agencies have said the Russian government is behind. 


Malwarebytes was not immediately available for Insider’s request for comment.

Malwarebytes learned of the breach on December 15 from the Microsoft Security Response Center and has since investigated the matter. The company’s CEO Marcin Kleczynski told ZDNet the hacker only gained access to a limited subset of internal company emails and added that the “software remains safe to use.”


Here’s a simple explanation of how the massive SolarWinds hack happened and why it’s such a big deal

SolarWinds Corp. banner hangs at the New York Stock Exchange (NYSE) on the IPO day of the company in New York.

  • SolarWinds is a major IT firm that provides software for entities ranging from Fortune 500 companies to the US government. 
  • Reuters first reported that SolarWinds was the subject of a massive cybersecurity attack that spread to the company’s clients. 
  • The breach went undetected for months, and could have exposed data in the highest reaches of government, including the US military and the White House.
  • Here’s a simple explanation of what happened and why it’s important. 

SolarWinds, a major US information technology firm, was the subject of a cyberattack that spread to its clients and went undetected for months, Reuters first reported last week. Foreign hackers, who some top US officials believe are from Russia, were able to use the hack to spy on private companies like the elite cybersecurity firm FireEye and the upper echelons of the US Government, including the Department of Homeland Security and Treasury Department. 

Here’s a simple explanation of how the massive breach happened, and why it matters. 

An unusual hack

Earlier this year, hackers secretly broke into Texas-based SolarWinds’ systems and added malicious code to one of the company’s software products. The product, called “Orion,” is widely used by companies to manage IT resources. SolarWinds has 33,000 customers that use Orion, according to SEC documents.

Most software providers regularly send out updates to their systems, whether it’s fixing a bug or adding new features. SolarWinds is no exception. Beginning as early as March, SolarWinds unwittingly sent out software updates to its customers that included the hacked code. 

The code created a backdoor into customers’ information technology systems, which the hackers then used to install even more malware that helped them spy on companies and organizations.


The victims

SolarWinds told the SEC that up to 18,000 of its customers installed updates that left them vulnerable to hackers. Since SolarWinds has many high profile clients, including Fortune 500 companies and multiple agencies in the US government, the breach could be massive.

US agencies, including parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury were attacked. So were private companies, like Microsoft, Cisco, Intel, and Deloitte, and other organizations like the California Department of State Hospitals and Kent State University, the Wall Street Journal reported.

And since the hack was carried out so stealthily, and went undetected for months, security experts say that some victims may never know whether they were hacked, the Wall Street Journal reported.

At the Treasury Department, hackers broke into dozens of email accounts and networks in the Departmental Offices of the Treasury, “home to the department’s highest-ranking officials,” Senator Ron Wyden said. The IRS hasn’t found any evidence of being compromised, he added. Treasury Secretary Steven Mnuchin said on CNBC that the hackers have only accessed unclassified information, but the department is still investigating the extent of the breach.


Who did it?

Federal investigators and cybersecurity experts say that Russia’s Foreign Intelligence Service, known as the SVR, is probably responsible for the attack. Russian intelligence was also credited with breaking into the email servers of the White House, the State Department, and the Joint Chiefs of Staff in 2014 and 2015. Later, the same group attacked the Democratic National Committee and members of the Hillary Clinton presidential campaign.

Russia has denied any involvement with the breach and President Trump has suggested, without evidence, that Chinese hackers may be the culprits.

Why it matters

Now that multiple networks have been penetrated, securing those systems is expensive and very difficult. Tom Bossert, President Trump’s former homeland security advisor, said that it could be years before the networks are secure again. With access to government networks, hackers could “destroy or alter data, and impersonate legitimate people,” Bossert wrote in an op-ed for the New York Times.

Not only is the breach one of the largest in recent memory, but it also comes as a wake-up call for federal cybersecurity efforts. The US Cyber Command, which receives billions of dollars in funding and is tasked with protecting American networks, was “blindsided” by the attack, the New York Times reported. Instead, a private cybersecurity firm called FireEye was the first to notice the breach, when it discovered that its own systems had been hacked.

Finally, the hack could accelerate broad changes in the cybersecurity industry. Companies are turning to a new approach of assuming that breaches have already occurred, rather than merely reacting to attacks after they are found, Business Insider previously reported. And the US government may reorganize its cybersecurity efforts by making Cyber Command independent from the National Security Agency, the Associated Press reported.

