CISA and CNMF Analysis of SolarWinds-related Malware story at CISA (the Cybersecurity & Infrastructure Security Agency)
Some Questionable Senator requests: CISA and CNMF Analysis of SolarWinds-related Malware story
How about expanding the NSA and allowing it to automatically fix problems as cyberattacks come in?
What could be the problem with that?
“But while foreign adversaries didn’t succeed in attacking voter polls, Russia and China have, of late, achieved some dramatic wins. The massive SolarWinds hack, believed to be Russian in origin, has affected a broad swath of the government including the Department of Justice and the Department of Defense. (The Pentagon maintains that they did not lose any classified data.) The Microsoft Exchange Server attack, believed to be Chinese in origin, has also potentially compromised thousands of customers.”
The NSA has already been in the middle of a lot of things it should not have been.
We know that China and Russia are the main adversaries on the Internet (North Korea and Iran are not far behind).
First of all, what is so bad about this particular hack?
The problem is that SolarWinds was a reputable company that purported to help you with cybersecurity; the screenshot above shows the slider on its own website promising to “Monitor any application and any server anywhere”.
If a cybersecurity company can be hacked by a nation-state, what exactly is safe?
What if our country says, in effect, “we are not going to take it anymore”? That is roughly what the scmagazine.com article quoted here reports:
“Anticipated for months, the Biden administration unveiled a sweeping set of sanctions and other actions against the Russian government, as well as private individuals and a number of Russian tech and defense companies, that U.S. authorities claim assisted Russian intelligence in hacking and election interference schemes.”
Many advisers immediately said that the sanctions are unlikely to deter further Russian hacks.
What about the Chinese hack, the Exchange Server attack? A ZDNet article lays out the timeline. Here is the quote:
“Microsoft told security expert Brian Krebs that the company was made aware of four zero-day bugs in “early” January.
A DEVCORE researcher, credited with finding two of the security issues, appears to have reported them around January 5. Going under the handle “Orange Tsai,” the researcher tweeted:
“Just report a pre-auth RCE chain to the vendor. This might be the most serious RCE I have ever reported.”
According to Volexity, attacks using the four zero-days may have started as early as January 6, 2021. Dubex reported suspicious activity on Microsoft Exchange servers in the same month.”
These four zero-days were likely found by China and used to infiltrate as many Exchange servers as possible before a patch was available.
These two cases (SolarWinds and Exchange Server) are going to haunt us cybersecurity practitioners for many months, if not years.
The Exchange case is a classic race: the same vulnerabilities were found by a researcher and by a nation-state at nearly the same time. The SolarWinds case is different: a serious mistake inside a supposed cyber defense company that you depend on.
These issues cannot be solved by sanctions on Russia or China. Sanctions are only a face-saving measure.
We must stick to the basic cybersecurity principle of finding our own vulnerabilities first, and when the NSA finds them in Microsoft Exchange Server (or any other software) they have to be fixed, which means reported to the vendor and patched.
The SolarWinds debacle is especially bad because the software and its update process were entirely in SolarWinds’ hands, and it still failed completely.
We must have testing and constant probing, plus review of our processes, people and more. If you are not growing, you are stagnant, stuck in a fixed method. By growth I mean keeping pace with the changing nature of cybersecurity. How does one stay ahead of the curve? By making sure there is constant probing and review, not by skating by to save money or by spending the same amount on cyber every year.
To solve these problems we have to constantly challenge ourselves to do better.
Contact us to discuss
Buy my book to get started understanding more cybersecurity than you did last year or last month.