
How to Understand the Russia Hack Fallout

by technewshero
December 22, 2020
in Security

This means there are really three subgroups within the potential victims of these attacks: Orion users who installed the backdoor but were never otherwise exploited; victims who had some malicious activity on their networks, but who ultimately weren’t appealing targets for attackers; and victims who were actually deeply compromised because they held valuable data.

“If they didn’t exfiltrate data, it’s because they didn’t want it,” says Jake Williams, a former NSA hacker and founder of the security firm Rendition Infosec. “If they didn’t take access, it’s because they weren’t interested in it.”


Even so, those first and second groups still need to neuter the backdoor to prevent future access. Because it was able to analyze indicators from its own breach, FireEye led an effort, which other firms have since joined, to publish information about the anatomy of the attacks. Some of the “indicators of compromise” include IP addresses and Domain Name System (DNS) record responses associated with the attackers’ malicious infrastructure. Responders and victims can use this information to check whether servers or other devices on their networks have been communicating with the hackers’ systems. Microsoft also worked with FireEye and GoDaddy to develop a sort of “kill switch” for the backdoor by seizing control of IP addresses the malware communicates with, so it can no longer receive commands.
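One way to run such an indicator check over DNS resolver logs, as an added example that is not taken from the article or from any vendor's tooling: the IoC domains, IP ranges and log lines below are constructed placeholders, not actual SolarWinds indicators. A line is flagged if the queried name is an IoC domain (or a subdomain of one) or if the returned answer falls inside an IoC network.

```python
import ipaddress
import re
# Constructed IoC list (placeholder values, not real SolarWinds indicators):
# attacker domains and the IP ranges their DNS answers resolved into.
IOC_DOMAINS = {"c2-example.invalid", "updates.c2-example.invalid"}
IOC_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/25")]
# Constructed resolver log: "<timestamp> <client> <query name> -> <answer>".
SAMPLE_LOG = """\
2020-12-14T10:01:03Z 10.0.0.15 api.vendor.example -> 192.0.2.10
2020-12-14T10:02:11Z 10.0.0.22 sub7.updates.c2-example.invalid -> 203.0.113.44
2020-12-14T10:03:45Z 10.0.0.22 www.example.org -> 93.184.216.34
2020-12-14T10:05:09Z 10.0.0.31 cdn.other.example -> 198.51.100.77
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) -> (\S+)$")

def domain_matches(qname: str) -> bool:
    """True if the query name is an IoC domain or a subdomain of one."""
    qname = qname.lower().rstrip(".")
    return any(qname == d or qname.endswith("." + d) for d in IOC_DOMAINS)

def answer_matches(ip: str) -> bool:
    """True if the resolved address falls inside an IoC network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # malformed or non-IP answer (e.g. an NXDOMAIN marker)
        return False
    return any(addr in net for net in IOC_NETWORKS)

def scan_dns_log(text: str) -> list:
    """Return one hit per line whose query name or answer matches an IoC."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        ts, client, qname, answer = m.groups()
        reasons = []
        if domain_matches(qname):
            reasons.append("ioc-domain")
        if answer_matches(answer):
            reasons.append("ioc-answer-ip")
        if reasons:
            hits.append({"time": ts, "client": client, "qname": qname,
                         "answer": answer, "reasons": reasons})
    return hits

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG):
        print(hit["client"], hit["qname"], hit["answer"], hit["reasons"])
```

Matching on the answer address as well as the name is what catches the second kind of hit in the sample, where the queried name looks benign but the resolver handed back an address inside a flagged range.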

Eliminating the backdoor is crucial, especially since the attackers have still been actively exploiting it. And now that the technical details about their infrastructure are public, there’s also a risk that other hackers could piggyback on the malicious access as well if it’s not locked down.

In the House

For victims who suffered deeper compromise, though, simply closing the door is not enough, because attackers have already established themselves inside.

For clear targets like US government agencies, the question is what exactly attackers got access to and what bigger picture that information can paint in terms of geopolitics, US defensive and offensive capabilities across the Department of Defense, critical infrastructure, and more.

Identifying exactly what was taken is challenging and time consuming. For example, some reports have indicated that hackers breached critical systems of the Department of Energy’s National Nuclear Security Administration, which is responsible for the US nuclear weapons arsenal. But DOE spokesperson Shaylyn Hynes said in a statement late Thursday that while attackers did access DOE “business networks,” they did not breach “the mission-essential national security functions of the Department.”

“The investigation is ongoing, and the response to this incident is happening in real time,” Hynes said.

This is the situation for all victims at this point. Some targets will go on to discover that they were impacted more deeply than they initially believed; others may find that hackers kicked the tires but didn’t go any further. This is the core danger of a supply chain attack such as the SolarWinds breach: attackers get a huge amount of access all at once and can have their pick of the victims, while responders are left playing catch-up.

Though it’s difficult to establish the full scope of the situation, researchers have been making a concerted effort to sort out who was hit and how badly. By tracking and linking IP addresses, DNS records, and other attacker indicators, security analysts are even developing methods to proactively identify targets. Kaspersky Labs, for example, released a tool on Friday that decodes DNS requests to the attackers’ command-and-control infrastructure, which could help indicate which targets the hackers prioritized.

The news about the hacking spree will likely continue for weeks as more organizations identify where they fit in the rubric of potential targets. Microsoft president Brad Smith wrote on Thursday that the company has notified more than 40 customers about signs of deep intrusion on their networks. And Microsoft says that while the vast majority of these victims are in the US, some are in seven other countries: Canada, Mexico, Belgium, Spain, the United Kingdom, Israel, and the United Arab Emirates. “It’s certain that the number and location of victims will keep growing,” Smith added.

Later that night, Microsoft confirmed that it had been compromised in the campaign as well.

© 2020 Tech News Hero.