What happened?

The current US government, Trump administration acknowledged that the U.S Treasury department along with the U.S Department of Commerce were targeted by a cyberattack. The Trump administration reports that a foreign government carried out this cyberattack via a cyber criminal group. The cyber attackers are said to have also spied on the emails of the U.S Treasury.


What did the officials say?

“We can confirm there has been a breach in one of our bureaus,” a commerce spokesperson told to CBS. John Ullyot, National Security Council spokesman, said “The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” in an email to CNBC.

According to the sources of Reuters, they said russia is currently believed to be responsible for the cyber attack. The people associated with the investigation said to reuters they feared the hack that has been discovered may just be the tip of the iceberg.

A CISA spokesperson said, ” We have been working closely with our agency partners regarding recently discovered activity on government networks. CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”

Here’s a tweet thread from the former head of CISA, Christopher krebs on the incident:

(1)

2

And here’s the tweet from the Cybersecurity and Infrastructure Security Agency(CISA):


What is the cause of this attack?

As per the information released by CISA, SolarWinds Orion products were compromised by the malicious actors in order to pull this off. CISA has issued a directive for all federal civilian agencies to review their networks for indicators of compromise and also issued an instruction to disconnect or shut down their SolarWinds Orion products immediately.

as per CISA’s press release “The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,”said the acting Director Brandon Wales. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.” Reuters reported that from the commerce department, National Telecommunications and Information Administration had specifically been affected.

FireEye, recently released a report on their blog post stating that it had discovered a “global intrusion campaign” which FireEye named “widespread“. This report is being used to link up this cyber attack as it mentions the vulnerability of SolarWinds products being used in corporations and Government agencies. “The actors behind this campaign gained access to numerous public and private organizations around the world,” FireEye said. FireEye is also a victim of a cyberattack which it faced last week.


What is SolarWinds company? What did they say about the incident?

Solarwinds is a company which provides tech services to government agencies, corporations in USA. The company had also acknowledged a potential vulnerability regarding to their software update released previously. SolarWinds CEO kevin Thompson said,”We are aware of a potential vulnerability which if present is currently believed to be related to updates which were released between March and June 2020 to our Orion monitoring products.”

He also added,”We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state. We are acting in close coordination with FireEye, the Federal Bureau of Investigation, the intelligence community, and other law enforcement to investigate these matters. As such, we are limited as to what we can share at this time.”


What should you do to prevent yourself/company from such cyber attacks?

Data breaches, Data leaks, DDoS, Ransomware attacks, Defacing of websites etc can be quiet damaging to not only the finances of a organisation/individual but also affects their reputation and other aspects in the industry. There aren’t any proactive counter measures which can help you during such attacks though. Hence, it is always better to prepare, as Prevention is better than cure.

Here are some steps you can take to ensure your preventive measures against such scenarios:

  • Educate and train yourself & your employees against such attacks. Training against the known attack procedures can help you in long way.
  • Do not open any email whose source can’t be trusted. report the same to your admins for further investigation.
  • It is better to backup all the data that is being stored in your devices or servers. it is always better to have offline backups which can come in handy during such scenarios.
  • Rely on a good and trusted Security tools and solutions. No compromise can be done here as they are guarding your business.
  • Keep your private and work devices separate. If not possible, at least use different user environment on devices.
  • Always check about the bugs/vulnerabilities of the hardware and software you use, on their respective manufacturers page. They always release patches for their products, so be sure to install all those patches on time.
  • Use trusted VPN provider for your/organization devices and network. Don’t fall into the free VPN trap. They usually don’t work and store your information.
  • Always keep your devices up to date. You should install all the latest patch, drivers that are released only by the hardware manufacturer of your devices.
  • Try not to access websites whose identity cannot be verified. Most of these websites can be identified by their shady website UI and offering of Paid software’s in free.
  • Always listen to your IT Security consultant and plan your steps accordingly. You might know your business well, but your IT security consultant knows your systems and network better.
  • Do not pay ransom to the ransomware operators ever. This would never ensure whether you would get your data back or the operators would not public or delete your data.

By Siddhant Pathak

Cyber security architect, 7+ years experience in cyber security industry, Tech savy, Nature lover, Bullet 350 rider

Have some thoughts? why not share with us here.