SEA ISLAND, Ga. — Russia’s leading intelligence agency has launched another campaign to hack into thousands of US government, corporate and think tank computer networks, Microsoft officials and cybersecurity experts warned on Sunday, just months after President Biden imposed sanctions on Moscow over a series of sophisticated spy operations carried out around the world.
Tom Burt, one of Microsoft’s top security officials, said in an interview that the new effort is “huge and ongoing.” Government officials have confirmed that the operation, apparently aimed at obtaining data stored in the cloud, originated from the Russian intelligence agency SVR, which was the first to break into the networks of the Democratic National Committee during the 2016 election.
While Microsoft insists that the percentage of successful breaches is small, it has not provided enough information to accurately gauge the severity of the theft.
Earlier this year, the White House blamed the SVR for the SolarWinds hacking, a highly sophisticated effort to replace software used by government agencies and the country’s largest companies, giving the Russians wide access to 18,000 users. Mr. Biden said the attack had shaken confidence in the government’s core systems and promised retaliation for both the intrusion and election interference. But when he announced sanctions on Russian financial institutions and tech companies in April, he scaled the penalties back.
“I was clear with President Putin that we could go further, but I chose not to do that,” Mr. Biden said after calling the Russian leader. “Now it’s time to lower the blood pressure.”
U.S. officials insist that the type of attack Microsoft reported falls into the category of espionage that major powers regularly carry out against each other. Still, the operation shows that networks continue to be undermined rapidly in an arms race fueled by countries’ search for Covid-19 vaccine data and a number of industrial and government secrets, even as the two governments say they meet regularly to combat ransomware and other ills of the internet age.
“The spies will spy,” said John Hultquist, vice president of intelligence analysis at Mandiant, the company that first detected the SolarWinds attack, at the Cipher Brief Threat Conference, which gathered many cyber experts and intelligence officials on Sunday on Sea Island. “But what we’ve learned from this is that the very good SVR is not slowing down.”
It is unclear how successful the latest campaign has been. Microsoft said it recently notified more than 600 organizations that they were the target of nearly 23,000 attempts to hack into their systems. By comparison, the company said it has detected only 20,500 targeted attacks from “all nation-state actors” in the past three years. Microsoft said a small percentage of the recent attempts were successful, but did not provide details or specify how many organizations were compromised.
US officials confirmed that the operation, which they considered routine espionage, was continuing. But they insisted that if it is successful, most of the blame lies with Microsoft and similar cloud service providers.
A senior administration official described the recent attacks as “uncomplicated, factory operations that could have been avoided if cloud service providers had implemented basic cybersecurity practices.”
“We can do a lot of things,” the official said, “but the responsibility for implementing simple cybersecurity practices to lock their digital doors and thus ours rests with the private sector.”
Government officials are trying to put more data in the cloud as it is much easier to protect information in the cloud. (Amazon runs the CIA’s cloud contract; during the Trump administration, Microsoft won a major contract to move the Pentagon to the cloud, but the program was recently shelved by the Biden administration due to a lengthy legal dispute over how it was awarded.)
But experts said the Russians’ latest attack is a reminder that moving to the cloud is not the solution, especially if those managing cloud operations are using insufficient security.
Microsoft said the attack focused on its “resellers,” firms that customize the use of the cloud for companies or academic institutions. The Russian hackers apparently calculated that if they could infiltrate the resellers, those firms would have high-level access to the data they wanted, like government emails, defense technology, or vaccine research.
Burt said the Russian intelligence agency is “trying to replicate the approach it has used in past attacks by targeting organizations that are an integral part of the global information technology supply chain.”
This supply chain is the main target of Russian government hackers and increasingly Chinese hackers trying to copy Russia’s most successful techniques.
In the SolarWinds case late last year, targeting the supply chain meant that Russian hackers deftly altered the computer code of network management software used by companies and government agencies, sneaking in the corrupted code as it was sent to exactly 18,000 users.
After those users updated to a new version of the software—like tens of millions of people update an iPhone every few weeks—the Russians suddenly had access to their entire network.
In the latest attack, the SVR, known as a covert operator in the cyber world, used more brute-force-like techniques. As described by Microsoft, the attack primarily involved the use of a large database of stolen passwords in automated attacks aimed at getting Russian government hackers into Microsoft’s cloud services. It is a more complex, less efficient process, and it would work only if some of the vendors of Microsoft’s cloud services had not imposed some of the cybersecurity practices the company had demanded of them last year.
In a blog post scheduled to be made public on Monday, Microsoft said its resellers will do more to meet their contractual obligations to take security measures.
“What the Russians are looking for is systemic access,” said Christopher Krebs, who ran the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security until he was dismissed by President Donald J. Trump for announcing last year that the 2020 election was held honestly and without significant fraud. “They don’t want to try to open individual accounts.”
Federal officials say they are aggressively using Mr. Biden’s new powers to protect the country from cyber threats, noting in particular a new and far-reaching international effort to disrupt ransomware gangs, many of which are in Russia. Mr. Biden, with a new and much larger team of senior officials overseeing the government’s cyber operations, is trying to enforce security changes that will make attacks like the latest ones much more difficult to carry out.
In response to SolarWinds, the White House announced a set of deadlines for government agencies and all contractors doing business with the federal government to undertake a new round of security practices that will make them more difficult targets for hackers from Russia, China, Iran and North Korea. These included basic steps such as a second method of verifying who is accessing an account, similar to how banks or credit card companies send a code to a mobile phone or other device to make sure a stolen password is not being used.
But adherence to the new standards remains spotty as they are developed. Companies often resist government orders or say that a single set of regulations cannot account for the difficulty of locking down different types of computer networks. The administration’s effort to require companies to report breaches in their systems to the government within 24 hours or be fined has met with intense opposition from corporate lobbyists.