Cyber Attacks in the U.S.
The U.S. Government Agencies Hacked in Global Cyber Espionage
Hackers, believed to be from Russia, launched a cyberattack into the government computer networks of the U.S. It included the Department of Homeland Security, Defense Department, State Department, National Institutes of Health, Department of Commerce and Treasury.
“The U.S. government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation”, said John Ullyot, spokesman for the National Security Council.
A spokesperson for CISA also confirmed that they have been working closely with the departments affected by the hack.
Hackers are believed to have exploited the vulnerabilities in widely used software, SolarWinds. The software company has more than 300,000 customers worldwide. According to the company, the software was affected by a virus when the update for the software was released between March and June 2020.
Relating to the incident, federal agencies have been told to disconnect their SolarWinds software that was manipulated to break into the network
“We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation-state,” said Kevin Thompson, CEO of the software company.
According to several reports, the hackers are believed to be the APT29 hacking group, also is known as “the Dukes” or “Cozy Bear.” The group also has close ties to Russian intelligence, but SolarWinds has not confirmed the identity of its attackers.
It is also believed in the community that the hackers used a similar tool to break into other government agencies. And it was reported that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye.
Reportedly, the hackers’ exploitation to gain access to the company networks points to the 18,000 customers of SolarWinds that downloaded the software.
As per the company’s investigation, the hackers accessed the company’s cybersecurity testing tools. The company’s chief executive, Kevin Mandia said that the hackers had used new sophisticated techniques that neither the company nor the partners of the company had ever witnessed in the past.
However, not all companies that are using the software are affected but among those affected include high profile U.S. government agencies. Following the incident, the CISA has issued an emergency directive urging all federal agencies to check for any compromised data.
A report from the SolarWind software company has informed at-risk customers to upgrade to newer versions of the software to ensure the security of the risk.
Hackers Breached U.S. Agencies Thrice in Two Years!
This cyberattack is Cozy Bear’s third attempt targeting the US agencies in two years. The first was back in 2014 when the group launched a cyberattack targeting the White House and the Department of State.
It was considered the worst hack ever faced by the US government and it took three months to clean the system.
And in 2015, the group attempted to hack the Pentagon’s email system. It affected around 4,000 military and civilian personnel, including high ranking officials within the organization. It was the same year that the Democratic National Committee (DNC) was hacked when the hackers obtained classified information.
In 2016, Cozy Bear was claimed to be behind the five waves of phishing campaigns in the U.S. based think tanks and NGOs. And early this year in July, the group was accused of hacking into the National Security Agency, Security Centre, and National Counterintelligence, as well as the Canadian Centre for Cybersecurity.
The group tried to steal the data that are related to the COVID-19 vaccine and treatments that were developing in the US, UK, and Canada. These reports are concerning since hackers are becoming a major threat to every industry. It is a reminder that no company is cybersecurity guaranteed.
Moreover, it has been less than two weeks since the world celebrated International Computer Security Day. A day that reminds every individual and organization to take preventive measures to prevent cyber hacks and threats.
Every organization should follow basic cybersecurity practices to address the issue which can cost more for recovery in days to come. Basic practices including cybersecurity risk assessment to identify the loopholes and prioritize the threats and a routine check of the organization’s IT infrastructure with penetration testing.
Most of the time all it takes is one small mistake from an employee to put the organization’s cybersecurity at hazard. So, organizations should also focus on training employees with tools like ThreatCop to make them aware of the cybersecurity risk happening around the world.
Moreover, it is advisable to implement security measurements for securing the email domain with tools like KDMARC that ensures that your email domain is secure and prevent against domain forgery.
