Here we go again with the Russian crap, do these reprobates ever come up with any new material. These communists make me want to puke.
: Data crunching consequences of SolarWinds cyberattack
: December 17, 2020
: Thousands of companies and institutions across the globe have
: to check if they have been hacked via security software
: from Texan firm SolarWinds at the heart of a cyberattack on
: several US government agencies.
: Here is what we know to date about the sophisticated attack: -
: How did the hackers get in? -
: Hackers managed to compromise and instal malware on a piece of
: security software -– the Orion security tool developed by
: SolarWinds which is used for management and supervision of
: IT networks at many large companies and several US
: government agencies.
: Rather than attack directly clients who include top accounting
: firms -- but also the full gamut of military branches --
: the hackers aimed to compromise the software's automatic
: update function.
: Beyond the content of the data hacked, the break-in further
: allowed the crypto burglars to gain an idea of their
: victim's systemic structural vulnerabilities.
: The attack was discovered by cybersecurity company FireEye,
: which, along with SolarWinds, has pointed the finger at
: people linked to the Russian government.
: Taking care only to upload stolen data in relatively small
: quantities, the hackers reportedly breached software used
: by the US Treasury Department, the Commerce Department and
: the Department of Homeland Security, allowing them to view
: internal email traffic, prompting an FBI investigation.
: The software had enjoyed much commercial success based not
: least on its state of the art ergonomic interface.
: The malware was laced into the software updates that breached
: network security and allowed access to data including mail,
: with FireEye saying the breaches began around last March.
: - Who are the victims? -
: According to SolarWinds, 18,000 users of Orion have
: potentially suffered a security breach, including
: government agencies and Fortune 500 companies.
: For now, experts say the hackers seem primarily to have used a
: security flaw, dubbed Sunburst, to break into US
: governmental agencies, insert malicious code and gain
: access to data to aid state espionage.
: Story continues
: Source: https://money.yahoo.com/unquantified-consequences -
: People are asking is a foreign government involved in this
: attack? Like China or Russia???
: Is the U.S. facing a Cyber Pearl Harbor?
: Thomas P. Bossert writes: At the worst possible time, when the
: United States is at its most vulnerable — during a
: presidential transition and a devastating public health
: crisis — the networks of the federal government and much of
: corporate America are compromised by a foreign nation. We
: need to understand the scale and significance of what is
: Last week, the cybersecurity firm FireEye said it had been
: hacked and that its clients, which include the United
: States government, had been placed at risk. This week, we
: learned that SolarWinds, a publicly traded company that
: provides software to tens of thousands of government and
: corporate customers, was also hacked.
: The attackers gained access to SolarWinds software before
: updates of that software were made available to its
: customers. Unsuspecting customers then downloaded a
: corrupted version of the software, which included a hidden
: back door that gave hackers access to the victim’s network.
: This is what is called a supply-chain attack, meaning the
: pathway into the target networks relies on access to a
: supplier. Supply-chain attacks require significant
: resources and sometimes years to execute. They are almost
: always the product of a nation-state. Evidence in the
: SolarWinds attack points to the Russian intelligence agency
: known as the S.V.R., whose tradecraft is among the most
: advanced in the world.
: According to SolarWinds S.E.C. filings, the malware was on the
: software from March to June. The number of organizations
: that downloaded the corrupted update could be as many as
: 18,000, which includes most federal government unclassified
: networks and more than 425 Fortune 500 companies.
: The Russians have had access to a considerable number of
: important and sensitive networks for six to nine months.
: The Russian S.V.R. will surely have used its access to
: further exploit and gain administrative control over the
: networks it considered priority targets. For those targets,
: the hackers will have long ago moved past their entry
: point, covered their tracks and gained what experts call
: “persistent access,” meaning the ability to infiltrate and
: control networks in a way that is hard to detect or remove.
: While the Russians did not have the time to gain complete
: control over every network they hacked, they most certainly
: did gain it over hundreds of them. It will take years to
: know for certain which networks the Russians control and
: which ones they just occupy.
: The logical conclusion is that we must act as if the Russian
: government has control of all the networks it has
: President Trump is on the verge of leaving behind a federal
: government, and perhaps a large number of major industries,
: compromised by the Russian government. He must use whatever
: leverage he can muster to protect the United States and
: severely punish the Russians.
: President-elect Joe Biden must begin his planning to take
: charge of this crisis. He has to assume that communications
: about this matter are being read by Russia, and assume that
: any government data or email could be falsified. [Continue