CISA Cites Likely Russian SolarWinds Involvement – Expert Perspective

CISA has just issued a statement, with the FBI, NSA and the Office of the Director of National Intelligence (ODNI), citing that Russia is “likely” behind the SolarWinds attack and acknowledging the formation of a task force.

Excerpt:

On behalf of President Trump, the National Security Council staff has stood up a task force construct known as the Cyber Unified Coordination Group (UCG), composed of the FBI, CISA, and ODNI with support from NSA, to coordinate the investigation and remediation of this significant cyber incident involving federal government networks. The UCG is still working to understand the scope of the incident but has the following updates on its investigative and mitigation efforts.

This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks. At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.

The UCG believes that, of the approximately 18,000 affected public and private sector customers of Solar Winds’ Orion product, a much smaller number have been compromised by follow-on activity on their systems. We have so far identified fewer than ten U.S. government agencies that fall into this category, and are working to identify and notify the nongovernment entities who also may be impacted…

Experts Comments

January 06, 2021
Saryu Nayyar
CEO
Gurucul

The cold war isn't over. It just moved to the internet. And the SolarWinds attack is a perfect example of a State or State Sponsored actor turning their resources to cyberattack. Unlike typical cybercriminals, these threats at this level have almost unlimited resources and will target virtually anything that may forward their agenda.

It is likely the damage from this attack will run much deeper than is revealed to the public, but it may serve as a wakeup call that organizations and vendors at all levels need to up their cybersecurity game. They need to assess their current security posture and make sure they have the best possible components in place, including security analytics. The benefit is that designing defenses to blunt State level attackers should be more than enough to thwart common cybercriminals.
