In the dark

Fully Charged
Bloomberg

Greetings from Kartikay on the cybersecurity team. My colleagues and I have spent the last month exploring the depths of one of the most brazen nation-state cyber-attacks on record. One astounding possibility remains: It could be vastly bigger than we know.

U.S. officials and cybersecurity experts believe the SolarWinds attackers were elite operatives carrying out a Russian espionage operation targeting the American government and entities close to it. Yet, nearly a month after we first learned of the sprawling campaign, intelligence gaps persist, ones that will likely take at least a year to close under the Biden administration, if they ever do.

Researchers started to piece together a picture of the intrusion using information found in the networks of U.S. agencies and companies. But there's another potential group of victims who haven't yet disclosed any attacks, in part because they may not yet know. That's America's critical infrastructure, which includes everything from bridges and airports to the electrical grid and hydroelectric dams.

When nation-states target these networks, capable of powering machinery on or off or diverting resources from one portion of a system to another, the results tend to be far more damaging than pure espionage. Like the IT systems of FireEye Inc. and government agencies, critical infrastructure systems were exposed to the Orion software from SolarWinds that was compromised by the hackers and used for further attacks. The hackers, believed to be tied to the Russian government, installed malware in Orion updates that was received by as many as 18,000 SolarWinds customers.

It gets worse. Only a small fraction of global infrastructure operators has the ability to survey the scope of their exposure to such an attack, said Rob Lee, founder and chief executive officer of security firm Dragos Inc. In some cases, utilities had no idea Orion—among the most popular network monitoring platforms—was even in their network, Lee said. "And in most cases, customers don't have the visibility or monitoring to know what to do, or know what happened."

Reports from critical infrastructure on their exposure to the hack range from "don't know" to, "I think something happened, but I don't know what," said Tony Turner, vice president of security solutions for Fortress Information Security, which works with infrastructure operators.

The U.S. Cybersecurity & Infrastructure Security Agency has identified critical infrastructure as an active target in this attack, while the Department of Energy is investigating a breach of the National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, according to Politico.

So what do operators of industrial control systems do if they've been using SolarWinds all of this time? Assume they've been compromised, that the backdoor is open, said Lee. "We're dealing with espionage today; we don't know that they don't want to do something disruptive later."

Kartikay Mehrotra, with Will Wade

If you read one thing

Employees of Google parent Alphabet announced the formation of a union on Monday, another sign of tense relations between the company and its staff. The group is called Alphabet Workers Union and will collect dues, pay organizing staff and have an elected board of directors. More than 200 employees have signed up so far.

And here's what you need to know in global technology news

As employees arrived back at the virtual office Monday after the holidays, many found that workplace communication tool Slack was down.

After hitting a new record of $34,000 on Sunday, Bitcoin prices fell as much as 17% on Monday.

A plan to overhaul employee health care championed by Amazon, Berkshire Hathaway and JPMorgan has fizzled. The effort will shut down at the end of next month.

Singapore police may use data from the country's coronavirus contact-tracing program for criminal investigations.