How Russia hacked the Democrats email

  • bsm2
    IT Manager

    25,000+ Posts
    • Feb 2008
    • 30577

    #1156
    Re: How Russia hacked the Democrats email


    • Phil B.
      Field Supervisor

      10,000+ Posts
      • Jul 2016
      • 22798

      #1157
      Re: How Russia hacked the Democrats email

      Originally posted by bsm2
      Wow Russian Times?

      Sent from my SM-G960U using Tapatalk


      • SalesServiceGuy
        Field Supervisor

        Site Contributor
        5,000+ Posts
        • Dec 2009
        • 8353

        #1158
        Re: How Russia hacked the Democrats email

        Ransomware is such a profitable industry for organized crime that revenues are expected to increase from $3T to over $6T dollars next year!

        Savvy IT Managers now advise their clients that it may be impossible to prevent all attacks, you can only mitigate the damages.

        The best no cost way to protect yourself is Two Factor Authentication (2FA). Criminals will simply move on to easier targets.

        In 2021, businesses need to invest in a new technology known as IOC/Indicators of Compromise.

        The cyber security world is quickly shifting from prevention to detection. One needs to understand that no business can be fully protected from all of the bad cyber events that could happen.

        The job of an IT Security specialist is to detect any IT breaches as quickly as possible so that an appropriate reaction can be detected quickly, shut it down and stop it in its tracks.

        There are two tools that can be used.

        - Managed Detection Response (MDR)
        - Managed Risk Response (MRR)

        The task is to quickly identify something on the network that should not be there, usually a processing pattern going on behind the scenes, stop it, shut it down, freeze it in its tracks and deploy security countermeasures to eradicate the threat before any solution becomes very costly.


        • SalesServiceGuy
          Field Supervisor

          Site Contributor
          5,000+ Posts
          • Dec 2009
          • 8353

          #1159
          Re: How Russia hacked the Democrats email

          How Russia's 'info warrior' hackers let Kremlin play geopolitics on the cheap

          Moscow, with its growing cyber capabilities, appears undeterred by Western sanctions and other countermeasures


          The sprawling SolarWinds hack by suspected Russian state-backed hackers is the latest sign of Moscow's growing resolve and improving technical ability to cause disruption and conduct espionage at a global scale in cyberspace.

          The hack, which compromised parts of the U.S. government as well as tech companies, a hospital and a university, adds to a string of increasingly sophisticated and ever more brazen online intrusions, demonstrating how cyber operations have become a key plank in Russia's confrontation with the West, analysts and officials say.

          Moscow's relations with the West continue to sour, and the Kremlin sees the cyber operations as a cheap and effective way to achieve its geopolitical goals, analysts say. Russia, they say, is therefore unlikely to back off from such tactics, even while facing U.S. sanctions or countermeasures.

          "For a country that already perceives itself as being in conflict with the West practically in every domain except open military clashes, there is no incentive to leave any field that can offer an advantage," said Keir Giles, senior consulting fellow at Chatham House think tank.

          The scope of Russia's cyber operations has grown in tandem with Moscow's global ambitions: from cyberattacks on neighboring Estonia in 2007 to election interference in the U.S. and France a decade later, to SolarWinds, seen as one of the worst known hacks of federal computer systems.


          "We can definitely see that Russia is stepping on the gas on cyber operations," said Sven Herpig, a former German government cybersecurity official and expert at German independent public-policy think tank Stiftung Neue Verantwortung. "The development of new tools, the division of labor, the creation of attack platforms, has all increased in sophistication over the years," he said.

          Jamil Jaffer, a former White House and Justice Department official, said that cyber operations have become "a significant part of [Russia's] play."

          "It's allowed them to level up," said Mr. Jaffer, senior vice president at IronNet Cybersecurity.

          Russia has consistently denied engaging in state-backed hacking campaigns, including SolarWinds, maintaining that the country isn't conducting offensive cyber operations. In September, Russian President Vladimir Putin proposed a reset of U.S.-Russia information-security relations.

          "Russia is not involved in such attacks, particularly in [SolarWinds]. We state this officially and resolutely," Kremlin spokesman Dmitry Peskov said recently. "Any allegations of Russia being involved are absolutely groundless and appear to be the continuation of a kind of blind Russophobia," he said.

          But analysts say that Moscow has added hacking to its arsenal of so-called gray-area activities -- a type of warfare that stops short of actual shooting -- alongside disinformation campaigns and the use of "little green men," the masked soldiers in green uniforms who appeared with Russian arms on Ukrainian territory in 2014.







          • SalesServiceGuy
            Field Supervisor

            Site Contributor
            5,000+ Posts
            • Dec 2009
            • 8353

            #1160
            Re: How Russia hacked the Democrats email

            ...

            Jeffrey Edmonds, a former White House and Central Intelligence Agency official who studies Russia at CNA, a nonprofit research organization that advises the Pentagon, said that Russia's cyber operations have numerous simultaneous goals, including gathering intelligence, testing capabilities, preparing for potential conflict by mapping adversaries' critical infrastructure and laying the groundwork for cyber negotiations.

            Such operations are a relatively inexpensive and effective way to conduct geopolitics, said Bilyana Lilly, researcher at think tank Rand Corp. That is crucial for Russia, which is facing considerable economic and demographic challenges and whose economy is smaller than Italy's. A 2012 article in an official Russian military journal said that the "complete destruction of the information infrastructures" of the U.S. or Russia could be carried out by just one battalion of 600 "info warriors" at a price tag of $100 million.

            Responding to Moscow's increased cyber activity has been a challenge. Washington's retaliation measures -- sanctions, property seizures, diplomatic expulsions, even the cyber equivalent of warning shots -- appear to have done little to deter hacks.

            "Russia doesn't see sanctions as an instrument of pressure but as an instrument of punishment," said Pavel Sharikov, senior fellow at the Russian Academy of Sciences's Institute for U.S. and Canadian Studies. "The Russian government says, 'Yes we understand that you don't like what we are doing, but we don't really care.'"

            In recent years, so-called information confrontation has become an established part of Russia's military doctrine, according to a paper co-written by Rand's Ms. Lilly. In 2019, Gen. Valery Gerasimov, Russia's General Staff chief, said that in modern warfare, cyberspace "provides opportunities for remote, covert influence not only on critical information infrastructures, but also on the population of the country, directly influencing national security."


            Russia's use of hacking to advance its geopolitical agenda initially focused mainly on targets in ex-Soviet countries. A 2007 cyberattack in Estonia disabled websites of the government, banks and newspapers. Later attacks in Ukraine and Georgia knocked out power supplies, disrupted media outlets and targeted election infrastructure, officials said.

            More recently, Russian state-backed hackers set their sights on the West. In 2014, they penetrated the State Department's unclassified email system and a White House computer server and stole President Barack Obama's unclassified schedule, U.S. officials said. In 2015, they got into the German parliament, according to German officials, in what experts see as the most significant hack in the country's history.

            Since its interference in the 2016 U.S. elections, Russia has been accused of attacks on the French elections and the Pyeongchang Winter Olympics and the costly NotPetya malware attacks on corporate networks. This year, Western governments accused Russia of cyber espionage against targets related to coronavirus vaccines. Russia has denied involvement.

            As the operations have grown in scope, Russian hackers' technical abilities have improved, experts say.
            In the 2007 Estonia attack, hackers used a relatively crude tool called "distributed denial-of-service" which knocked websites offline by flooding them with data, and did little to hide their trail, with some of their IP addresses located in Russia.


            More recent operations have used new reconnaissance tools and methods to cloak operations, including false flag tactics, to make it appear that another country was responsible.

            In 2018, federal officials said that state-sponsored Russian hackers broke into supposedly secure, "air-gapped" or isolated networks owned by U.S. electric utilities. In the SolarWinds hack, intruders stealthily used a routine software update to gain access to hundreds of U.S. government and corporate systems undetected for months.

            Still, some former U.S. officials said Russia is far from flawless in the cybersphere.

            "They're not 10 feet tall. They are detectable," said former senior CIA official Steven Hall, who oversaw U.S. intelligence operations in the former Soviet Union and Eastern Europe.

            Ultimately, how sophisticated Russia is in the cyber realm remains to be seen, said Bruce Potter, chief information security officer at cybersecurity firm Expel. Nations are reluctant to deploy their best cyber tools because doing so would cause countries and companies to rapidly patch a vulnerability.

            "They just put down enough to get the job done," he said. "And they get the job done."


            • bsm2
              IT Manager

              25,000+ Posts
              • Feb 2008
              • 30577

              #1161
              Re: How Russia hacked the Democrats email

              Originally posted by slimslob
              An interesting thing about that, a record number of votes were cast for the losing candidate. In fact President Trump received enough votes to have won every previous Presidential election.

              Another interesting thing, in most Democrat controlled counties and states there were more votes cast than there were registered voters. In some places as much as 25% more. And why did so many ballots only have votes for President and not for any of the down ticket candidates or propositions?

              Proven yet or not there must have been some type of voting fraud.

              No Fraud NADA ZIPPO NOTHING Bucko Trump Lost Period.
              Conspiracy Theories Don't Count
              Sore winner and a Sore Loser.
              Interesting Fact Trump lost the popular vote Twice. One term Impeached Failure.
              18 days or less.


              • SalesServiceGuy
                Field Supervisor

                Site Contributor
                5,000+ Posts
                • Dec 2009
                • 8353

                #1162
                Re: How Russia hacked the Democrats email

                With Microsoft acknowledging for the first time this past week that suspected Russian hackers behind a massive government security breach also gained access to its source code, pressure is mounting on US officials and cybersecurity experts to explain how the attackers infiltrated various US computer networks, what they did once inside and the steps that are being taken to mitigate the damage.

                As US officials struggle with the fallout, questions are swirling about whether the agency tasked with protecting the nation from cyberattacks is up to the job.

                On Wednesday, the Cybersecurity and Infrastructure Security Agency, (CISA) signaled it's still working to patch the known vulnerabilities, advising agencies to update their software from SolarWinds, a private contractor attackers exploited to gain access into potentially thousands of public and private sector organizations.

                Congressional Democrats and the Biden transition team are demanding more information about the massive hacking campaign, calling on the Trump administration to address concerns about its handling of the fallout and perceived lack of transparency in the weeks since the data breach was first discovered.


                The Biden team in particular has stated that it's been stonewalled by Trump officials in its effort to learn more about key national security issues, including the hack.

                Trump administration officials say those accusations are exaggerated but have also acknowledged they are wary of any transition activity that could provide the Biden team a head start in dismantling the President's priorities.

                To date, the White House has offered few public details about what is believed to be the most significant cyber operation targeting the US in years. The lack of clarity has only raised more questions.

                Private cybersecurity firms have provided their own independent analysis in recent weeks, but the findings disclosed publicly so far have only scratched the surface of what occurred and how to address the ongoing threat.
                Microsoft's announcement Thursday that hackers viewed its source code after gaining access to its systems through the SolarWinds software further highlights the broad reach of the attack and suggests that corporate espionage may have been as much a motive as a hunt for government secrets.

                Source code represents the basic building blocks of computer programs. They are the instructions written by programmers that make up an application or computer program.

                The Senate Intelligence Committee expects to receive a briefing on the hack next week from Gen. Paul Nakasone, leader of both the National Security Agency and US Cyber Command, a source familiar with the plans told CNN.

                House Intelligence Committee Chairman Adam Schiff received a briefing from Nakasone in late December but is not scheduled for an update next week, according to a committee aide.

                Intelligence officials briefed lawmakers on both panels earlier this month after the breach was first discovered but the level of detail provided was limited as relevant agencies were largely caught off guard by the attack.


                • SalesServiceGuy
                  Field Supervisor

                  Site Contributor
                  5,000+ Posts
                  • Dec 2009
                  • 8353

                  #1163
                  Re: How Russia hacked the Democrats email

                  .....

                  CISA overwhelmed


                  The lack of information since then has fueled concerns about the government's ability to address the ongoing cyber threat, particularly as critics question whether CISA is equipped to protect the integrity of government systems from adversaries, foreign or domestic.

                  Some of the nearly half-dozen government agencies affected by the hack have recently reached out to CISA for help with addressing the known vulnerabilities that were exploited in the attack but were told the agency did not have enough resources to provide direct support, according to a source familiar with the requests. The person noted the slow response has only increased the perception that CISA is overstretched.

                  Multiple sources told CNN that CISA, which operates as the Department of Homeland Security's cyber arm, does not have the appropriate level of funding or necessary resources to effectively handle an issue of this magnitude.

                  "It's a two-year-old agency with about 2,000 employees, so clearly that level of responsibility is not commensurate with the resources that they have," Kiersten Todt, a former Obama cybersecurity official and managing director of the Cyber Readiness Institute, recently told CNN.

                  CISA was established when President Donald Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. Congress has incrementally increased the agency's funding in the years since.

                  In November, the GOP-led Senate appropriations committee recommended that CISA receive approximately $2 billion in fiscal year 2021 funding, $270 million more than Trump's budget request sought.

                  The spending bill signed into law last month is consistent with the appropriation committee's $2 billion recommendation, which includes $1.2 billion in cybersecurity for the protection of civilian Federal networks.

                  But former officials and experts say more resources are needed for CISA to handle its ever-increasing workload.

                  "The 'Nation's Risk Advisors' need more resources if we as a country expect them to help critical infrastructure companies during a crisis," according to Brian Harrell, who served as Assistant Secretary for Infrastructure Protection at DHS before resigning in August.

                  "The budget is lacking and a better pipeline of subject matter expertise needs to be built," he added.

                  Krebs fired


                  Trump further hamstrung CISA last fall after he summarily fired Christopher Krebs, the agency's director, who had refused to support Trump's baseless claims that the 2020 presidential election was marred by irregularities. Another top CISA official, Bryan Ware, was also forced to resign.

                  Since Krebs' firing, CISA has not held a press briefing on the suspected Russian hack.

                  "CISA is not capable," according to James Andrew Lewis, cybersecurity and technology expert at the Center for Strategic and International, who added that the agency's failure to detect the breach months ago was largely due to the fact its attention and resources were consumed by efforts to secure the 2020 presidential election.

                  "CISA has always been and will continue to be slammed by the responsibilities heaped on it by law," Daniel Dister, New Hampshire's chief information security officer, told CNN. "They have been overloaded with work from the start and have had a hard time coming up to the level of expertise that DoD/CYBERCOM/NSA has enjoyed."

                  In the weeks since the hack was disclosed, CISA has taken a lead role advising federal agencies on the steps they should take to secure their networks. As part of its work to protect the 2020 elections, CISA also has developed strong relationships with state and local governments, as well as the private sector.

                  Those ties have now made it the unofficial point agency for hundreds if not thousands of outside organizations desperate for answers. The demands of that role were never foreseen by Congress when it created CISA, Dister and other experts said.

                  Since the hack was discovered, CISA has held multiple phone calls a week to brief public and private stakeholders. But, Dister said in a recent interview, little has been shared on the calls that isn't already publicly known.

                  CISA defended its handling of the fallout, saying that it has been "rapidly sharing information and providing technical support to our partners as we work to understand the scope of the campaign."

                  "Everyone who has requested CISA support has received it - without delay - and that will not change as we are prepared for a sustained effort," Wales, CISA's acting director, said in a statement to CNN, adding that the agency has "aggressively used all of the tools at our disposal to counter this campaign."

                  "CISA, alongside our interagency partners, will continue to lead decisively, share broadly and communicate loudly until our job is done and our networks are secure," he said.

                  As concerns mount that CISA is overwhelmed, Trump is considering putting more on its plate before he leaves office by issuing three cyber presidential determinations in the coming days, according to an administration official.

                  Among them will be a decree transferring certain authorities from the Department of Defense, to CISA.

                  "We'd be putting all of our eggs in a very small basket," the administration official said, referring to CISA's limited ability to handle such a massive undertaking.

                  This is all compounded by the fact that the number of government agencies affected by the attack continues to increase, a steady drip of new revelations that has largely undercut attempts to reassure the public.

                  CISA has attempted to allay some concerns about its ability to facilitate a coordinated response by releasing advisories for those agencies affected by the breach.

                  The statement also suggests CISA is leaning on the expertise of the intelligence community as it responds to the incident, noting in Wednesday's statement that the recommended software update was scrubbed by top cybersecurity officials at the National Security Agency who "examined this version and verified that it eliminates the previously identified malicious code."

                  CISA's nod to NSA was largely viewed by experts as an attempt to reinforce the importance of a whole of government approach, something one CISA official told CNN is a daily focus for the agency.

                  Politics taking precedent


                  The political climate during Trump's final weeks in office has only made the situation more challenging for CISA and its federal partners.

                  Privately, some Trump appointees at agencies affected by the breach have made clear their priority is identifying ways the incident could hurt the President politically, according to a source familiar with the discussions.

                  After one briefing about the attack, top officials at the Department of Energy repeatedly pressed representatives from the NSA to identify potential political ramifications for the President, according to a source familiar with the discussion.

                  "That was their key concern," the source said, referring to the line of questioning from top DOE officials during that briefing earlier this month.

                  "Part of the problem is the White House isn't really in charge anymore," said Lewis of CISA. "They got rid of cyber coordinator ... They lost that central coordination," he said. "DoJ, DoD won't look kindly on CISA telling them what to do. It's better than it used to be but they're in a hard spot politically."

                  CNN has also previously reported that the Biden team is becoming increasingly frustrated with the lack of information it has received from the Trump administration, as sources close to the transition process say critical details about the attack are being withheld.

                  The lack of coordination could present a challenge for President-elect Joe Biden once he is sworn into office as he will likely face significant pressure to not only respond to this latest attack but address some of the underlying issues related to how cybersecurity decisions are made.

                  "They need to restore central direction in the White House and put White House authority behind CISA. They need to go back to central direction that was in the Obama White House," according to Lewis. "Secretary of Homeland Security has to take this seriously. That's always been a problem."

                  More broadly, the SolarWinds hack must be a "wake-up call for the United States," said Gilman Louie, CEO of Looking Glass Solutions, a cyber security firm.

                  "We must have our agencies and companies operate in a cooperative and coordinated fashion. We must bring the best talent to bear, regardless of agency, whether from government, industry, or academia, to defend the nation from future cyber-attacks from state actors," he said.

                  This story has been updated with a statement from CISA.


                  • bsm2
                    IT Manager

                    25,000+ Posts
                    • Feb 2008
                    • 30577

                    #1164


                    • FrohnB
                      Service Manager

                      Site Contributor
                      1,000+ Posts
                      • Jul 2017
                      • 1919

                      #1165
                      Re: How Russia hacked the Democrats email

                      Originally posted by SalesServiceGuy
                      With Microsoft acknowledging for the first time this past week that suspected Russian hackers behind a massive government security breach also gained access to its source code, pressure is mounting on US officials and cybersecurity experts to explain how the attackers infiltrated various US computer networks, what they did once inside and the steps that are being taken to mitigate the damage.

                      Omertà


                      • bsm2
                        IT Manager

                        25,000+ Posts
                        • Feb 2008
                        • 30577

                        #1166
                        Re: How Russia hacked the Democrats email

                        Originally posted by FrohnB
                        "Suspected Russian Hackers". - They don't know for sure that it was the Russians! Cyber attacks happen every day from Many Many countries!

                        "How they infiltrated various US computer networks". - Could it have been another case of a Swalwell type being compromised by a spy?
                        Maybe it was the untrustworthy Adam Schiff who is known for leaking classified information to the press, and for completely fabricating stories and charges.

                        And once again, WITHOUT any actual evidence to support their claims, it's back to Russia, Russia, Russia with all the liberal news sites!
                        I'll wait for the facts to come out before rushing to judgement.

                        Even with US Intelligence reports Congressional Hearings and reports You still believe Anything the Russian Puppet tells YOU
                        17 days or less


                        • SalesServiceGuy
                          Field Supervisor

                          Site Contributor
                          5,000+ Posts
                          • Dec 2009
                          • 8353

                          #1167
                          Re: How Russia hacked the Democrats email

                          US government formally blames Russia for SolarWinds hack

                          Joint statement from the FBI, CISA, ODNI, and NSA says SolarWinds hack was "likely Russian in origin."


                          Four US cyber-security agencies, including the FBI, CISA, ODNI, and the NSA, have released a joint statement today formally accusing the Russian government of orchestrating the SolarWinds supply chain attack.

                          US officials said that "an Advanced Persistent Threat (APT) actor, likely Russian in origin" was responsible for the SolarWinds hack, which officials described as "an intelligence gathering effort."

                          The joint statement semi-confirms a report from the Washington Post last month, which linked the SolarWinds intrusion to APT29, a codename used by the cyber-security industry to describe hackers associated with the Russian Foreign Intelligence Service (SVR).

                          While US government officials did not link the SolarWinds hack to APT29 nor any other specific hacking group, the joint statement comes to respond to public criticism that the Trump administration was intentionally staying away from attributing the attack to Russian hackers.

                          These rumors have been going around primarily because of the perceived relation and the help President Trump is believed to have received from Russian hackers during the 2016 Presidential Election.

                          But the joint statement also comes to address another issue. The statement also formally describes the SolarWinds hack as "an intelligence gathering effort."

                          US officials hope that categorizing the hack this way will put an end to the constant conspiracy theories going around online that the purpose of the SolarWinds hack was to tamper with voting machines and perform election fraud.

                          In addition, the joint statement also shed some light on the damage of the attack.
                          The SolarWinds supply chain attack took place after Russian hackers broke into SolarWinds' backend infrastructure and added malware (named Sunburst/Solorigate) to SolarWinds Orion update packages.

                          Around 18,000 Orion customers received and installed these updates, but only on a few of these networks, Russian hackers chose to escalate the attacks with a second-stage malware payload called Teardrop.

                          While the first-stage Sunburst malware payload was spotted on thousands of systems, the four agencies said that "fewer than ten US government agencies" were targeted with additional malware.

                          .. President Elect Biden has promised retaliation once US Cyber Command formally identified the aggressor.


                          • SalesServiceGuy
                            Field Supervisor

                            Site Contributor
                            5,000+ Posts
                            • Dec 2009
                            • 8353

                            #1168
                            Re: How Russia hacked the Democrats email

                            ...

                            On top of assessing the damage, investigators are working to uncover exactly how the attackers gained access to US networks. The focus on SolarWinds, a private contractor attackers exploited to gain access to potentially thousands of public- and private-sector organizations, is continuing.

                            The FBI is involved with the case and is examining whether the infiltration involved the company's operations in Eastern Europe, according to two sources familiar with the matter. The intelligence community is also examining the company's operations in Eastern Europe.

                            SolarWinds outsourced a great deal of its technical expertise to employees and software engineers in countries including Belarus, Poland and the Czech Republic. One former National Security Agency official told CNN on Monday that foreign employees working for American IT firms in those countries are considered prime targets for recruitment by Russian intelligence services.


                            • Copier Addict
                              Aging Tech

                              Site Contributor
                              10,000+ Posts
                              • Jul 2013
                              • 15077

                              #1169
                              Re: How Russia hacked the Democrats email

                              It is kinda funny how trump has all the amigos defending Russia when Russia has, up until now, always been the enemy.


                              • Phil B.
                                Field Supervisor

                                10,000+ Posts
                                • Jul 2016
                                • 22798

                                #1170
                                Re: How Russia hacked the Democrats email

                                Originally posted by copier addict
                                It is kinda funny how trump has all the amigos defending Russia when Russia has, up until now, always been the enemy.
                                Like the way the dimwitted are working with China? [emoji16]

                                Sent from my SM-G960U using Tapatalk
