Implications Of Russian Solarwinds Hackers New Email Attack On Government Agencies

By ISBuzz Team
Writer, Information Security Buzz | May 31, 2021 05:02 am PST


It has been reported that the state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted phishing assault on US and foreign government agencies and thinktanks this week using an email marketing account of the US Agency for International Development (USAid), Microsoft has said. The effort targeted about 3,000 email accounts at more than 150 different organisations, at least a quarter of them involved in international development, humanitarian and human rights work, the Microsoft vice-president Tom Burt wrote in a blog post late on Thursday.

4 Expert Comments
John Hultquist, Director of Intelligence Analysis
May 31, 2021 1:09 pm

FireEye has been tracking multiple waves of related spear phishing emails that have been sent since March 2021. In addition to the USAID content, they have leveraged a variety of lures, including diplomatic notes and invitations from embassies. All of these operations have focused on government, think tanks, and related organizations that are traditionally targeted by SVR operations.

Though the SolarWinds activity was remarkable for its stealth and discipline, loud, broad spearphishing operations were once the calling card of SVR operators who often carried out noisy phishing campaigns. Those operations were often effective, gaining access to major government offices among other targets. And while the spear phishing emails were quickly identified, we expect that any post-compromise actions by these actors would be highly skilled and stealthy.

The most recent activity appears to have ramped up just as the supply chain based compromises were spinning down. Given the brazen nature of this incident, it does not appear the SVR is prepared to throttle down on their cyberespionage activity, let alone go to great efforts to hide new activity. In fact, this incident is a reminder that cyber espionage is here to stay.

Sam Curry, Chief Security Officer
May 31, 2021 1:07 pm

The newest attack on U.S. and foreign government agencies by suspected Russian threat actors is a reminder of how big of a challenge it is for public and private sector organisations to protect their networks. It’s not a surprise at all that this breach started through a phishing email because, while human beings are the whole point of the systems we build, they are also the Achilles heel of these systems.

It’s long past time for organisations to do more than the minimum to stop material losses and the daily headlines of mayhem. It’s time to tighten up and get the security practices right: least privilege, resilience, planning for the worst and a detection mindset. Don’t just do more of the same – presume infection and get good at preventing it, finding it, recovering from it, and limiting the blast radius when it happens. Today, the asymmetry in cyber conflict favours attackers and, so far, the attackers are getting more effective at a faster rate than defenders are. This is not cause for despair, but it is a wake-up call for innovation and to find new methods of working together and of countering them. There is a call to arms to all of us to protect the connected world and to reverse this trend. There are ways to be safe and to boost our mutual protection, but simply doing more of the same is a recipe for disaster.

No one should lose sight of the fact that threat groups are oftentimes large organisations numbering in the hundreds of people with support networks, investors, partners, labs, cloud operations and more. This isn’t 5 guys and a coffee machine. Imagine a modern, lean, entrepreneurial Silicon Valley organisation. Now move it to Russia, China, North Korea or Iran and give it protection from the state and unleash it to make money, perform espionage, conduct operations and more with no holds barred.

Javvad Malik, Security Awareness Advocate
May 31, 2021 1:05 pm

Nation state and organised criminals are continuing to ramp up activities. While organised crime gangs are motivated by financial gain, nation state groups are more interested in espionage and disrupting governments.

However, be they organised criminals or nation state actors, phishing remains one of the most popular and effective means through which they gain unauthorised access to systems.

Therefore, organisations and government departments need to put in place measures to protect, detect, and respond to phishing attacks. Ideally, this needs to be a layered control with a mix of technical and procedural controls as well as investing in security awareness and training for users.

Paul Bischoff, Privacy Advocate
May 31, 2021 1:04 pm

Government agencies should operate under the assumption that they are always being targeted by cyber attacks. Even in the unlikely event that US authorities can identify a hacker, a state-sponsored hacker would face few consequences and would probably be able to continue hacking with impunity. Russia is not going to take action against its own hackers. With little legal means to prosecute hackers, agencies must maintain constant vigilance and defense. That includes both cybersecurity to prevent hackers from exploiting vulnerabilities, as well as operational security to prevent human error that can lead to compromise. While the US military and intelligence agencies might be able to retaliate with counterattacks, the majority of government agencies have no such cyber warfare capabilities.
