Friday, November 26, 2021

Russia challenges Biden again with sweeping cybersecurity operation

SEA ISLAND, Georgia. Russia’s top intelligence agency has launched yet another campaign to infiltrate thousands of U.S. government, corporate and analytical computer networks, Microsoft officials and cybersecurity experts warned Sunday, just months after President Biden imposed sanctions on Moscow in response to a series of sophisticated espionage operations that it carried out around the world.

“The new effort is very ambitious and ongoing,” Tom Burt, one of Microsoft’s chief security officers, said in an interview. Government officials have confirmed that the operation, apparently aimed at obtaining data stored in the cloud, appears to have come from the SVR, the Russian intelligence agency that first entered the Democratic National Committee’s network during the 2016 elections.

While Microsoft insisted that the rate of successful hacks was low, it did not provide enough information to accurately measure the severity of the theft.

Earlier this year, the White House accused SVR of the so-called SolarWinds hack, a very complex attempt to change the software used by government agencies and the largest companies in the country, giving Russians broad access to 18,000 users. Mr. Biden said the attack undermined confidence in the main systems of government and promised to avenge both the invasion and the interference in the elections. But when he announced sanctions against Russian financial institutions and tech companies in April, he cut fines.

“I made it clear to President Putin that we could go further, but I decided not to,” Biden said at the time after calling the Russian leader. “It’s time for de-escalation.”

US officials insist that the type of attack reported by Microsoft falls under the category of espionage activities that major powers regularly conduct against each other. However, the operation suggests that while the two governments say they meet regularly to combat ransomware and other diseases of the Internet age, network disruption continues at a rapid pace as a result of an arms race that has accelerated as countries have sought Covid-19 vaccine data and a number of industrial and state secrets.

“Spies are going to spy,” John Hultquist, vice president of intelligence analysis at Mandiant, the company that first discovered the SolarWinds attack, said Sunday at the Cipher Brief Threat Conference in Sea Island, where many cyber experts and intelligence officials met. “But we learned from this that SVR, which is very good, does not slow down.”

It is unclear how successful the last campaign was. Microsoft said it recently notified more than 600 organizations that there were approximately 23,000 attempts to break into their systems. In comparison, the company said that over the past three years, it has detected only 20,500 targeted attacks from “all subjects of the nation-state.” Microsoft said a small percentage of recent attempts were successful, but did not provide details or indicate how many organizations were compromised.

US officials have confirmed that the operation, which they consider to be conventional espionage, is ongoing. But they insisted that if successful, it is Microsoft and similar cloud providers that bear most of the blame.

A senior administration official called the latest attacks “simple business operations that could have been prevented if cloud providers had implemented basic cybersecurity practices.”

“We can do a lot,” the official said, “but the responsibility for implementing simple cybersecurity techniques to lock their – and by extension, our – digital doors rests with the private sector.”

Government officials are pushing for placing more data in the cloud because it is much easier to protect information there. (Amazon fulfills the CIA’s cloud contract; during the Trump administration, Microsoft won a huge contract to move the Pentagon to the cloud, although the Biden administration recently canceled the program due to a long legal dispute over how it was awarded.)


But the latest attack from the Russians, experts said, was a reminder that moving to the cloud is not a solution, especially if those managing cloud operations use insufficient security.

Microsoft said the attack targeted its “resellers”, firms that customize cloud usage for companies or academia. Russian hackers have apparently calculated that if they can infiltrate resellers, these firms will have high-level access to the data they need – be it government email, defense technology, or vaccine research.

According to Mr. Burt, the Russian intelligence agency “is trying to replicate the approach it has taken in past attacks by targeting organizations that are integral to the global information technology supply chain.”

This supply chain is a prime target for Russian government hackers – and increasingly for Chinese hackers who are trying to replicate Russia’s most successful practices.

In SolarWinds’ case late last year, targeting the supply chain meant that Russian hackers subtly altered the computer code of the network management software used by companies and government agencies, secretly inserting the corrupted code as it was sent to 18,000 users.

Once these users upgraded to a new version of the software, much as tens of millions of people update their iPhones every few weeks, the Russians suddenly had access to their entire network.

In the latest attack, SVR, known as a stealth operator in the cyberworld, used techniques more akin to brute force. According to Microsoft’s description, the intrusion primarily involved deploying a huge database of stolen passwords in automated attacks intended to get Russian government hackers into Microsoft’s cloud services. It is a messier and less efficient operation, and it will work only if some of the resellers of Microsoft’s cloud services have not enforced some of the cybersecurity practices the company required of them last year.

Microsoft said in a blog post due to be made public on Monday that it will do more to enforce contractual obligations of its resellers to take security measures.

“The Russians are looking for systemic access,” said Christopher Krebs, who ran the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency until he was fired last year by President Donald Trump for claiming that the 2020 election was fair and free of significant fraud. … “They don’t want to log into accounts one by one.”

Federal officials say they are aggressively using Mr. Biden’s new powers to defend the country against cyber threats, especially noting widespread new international efforts to combat ransomware gangs, many based in Russia. With a new and much larger team of senior officials overseeing government cyber operations, Mr. Biden is trying to make security changes that should make it much more difficult to conduct attacks like the latest one.

In response to SolarWinds, the White House has announced a series of deadlines for government agencies and all contractors working with the federal government to implement a new round of security measures that will make them harder targets for Russian, Chinese, Iranian and North Korean hackers. These include basic steps, such as a second method of authenticating who logs into an account, akin to how banks or credit card companies send a code to a cell phone or other device to ensure that a stolen password is not used.

But compliance with the new standards, while improving, remains fragile. Companies often resist government regulations or claim that no single set of rules can solve the problem of locking down different types of computer networks. The administration’s attempt to require companies to report irregularities in their systems to the government within 24 hours or to face fines has met with strong opposition from corporate lobbyists.

World Nation News Desk (https://www.worldnationnews.com)