Friday, March 5, 2021

Cybersecurity firm: Booting hackers a complex chore


BOSTON (AP) — Efforts to assess the impact of a more than seven-month-old cyberespionage campaign blamed on Russia — and boot the intruders — remain in their early stages, says the cybersecurity firm that discovered the attack.

The hack has badly shaken the U.S. government and private sector. The firm, FireEye, released a tool and a white paper Tuesday to help potential victims scour their cloud-based installations of Microsoft 365 — where users’ emails, documents and collaborative tools reside — to determine if hackers broke in and remain active.

The aim is not just to ferret out and evict the hackers but to keep them from being able to re-enter, said Matthew McWhirt, the effort’s team leader.

“There’s a lot of specific things you have to do — we learned from our investigations — to really eradicate the attacker,” he said.

Since FireEye disclosed its discovery in mid-December, infections have been found at federal agencies including the departments of Commerce, Treasury, Justice and federal courts. Also compromised, said FireEye chief technical officer Charles Carmakal, are dozens of private sector targets with a high concentration in the software industry and Washington D.C. policy-oriented think tanks.

On Tuesday, the security software company Malwarebytes announced that it was among the victims — and said it was compromised through the very Microsoft email system the FireEye tool aims to button down.

The intruders have stealthily scooped up intelligence for months, carefully choosing targets from the roughly 18,000 customers infected with malicious code they activated after sneaking it into an update of network management software first pushed out last March by Texas-based SolarWinds.

“We continue to learn about new victims almost every day. I still think that we’re still in the early days of really understanding the scope of the threat-actor activity,” said Carmakal.

During a Senate confirmation hearing on Tuesday, national intelligence director nominee Avril Haines said she’s not yet been fully briefed on the campaign but noted that the Department of Homeland Security has deemed it “a grave risk” to government systems, critical infrastructure and the private sector and “it does seem to be extraordinary in its nature and its scope.”

The public has not heard much about who exactly was compromised because many victims still can’t figure out what the attackers have done and thus “may not feel they have an obligation to report on it,” said Carmakal.

“This threat actor is so good, so sophisticated, so disciplined, so patient and so elusive that it’s just hard for organizations to really understand what the scope and impact of the intrusions are. But I can assure you there are a lot of victims beyond what has been made public to date,” Carmakal said.

On top of that, he said, the hackers “will continue to obtain access to organizations. There will be new victims.”

Microsoft disclosed on Dec. 31 that the hackers had viewed some of its source code. It said it found “no indications our systems were used to attack others.” On Tuesday, Malwarebytes said it had determined that “the attacker only gained access to a limited subset of internal company emails” and said the conduit, Microsoft’s Azure cloud services, is not used in its software production environments.

Carmakal said he believed software companies were prime targets because hackers of this caliber will seek to use their products — as they did with SolarWinds’ Orion module — as conduits for similar so-called supply-chain hacks.

The hackers’ skill let them forge the digital passports, the signed certificates and tokens, that Microsoft 365 accepts in place of a normal login, so they could move around targets’ installations without ever authenticating. To the cloud service a forged token looks like a legitimate sign-in, which is what makes this kind of hijacking so difficult to detect.
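The forgery described above, and the kind of check a tool like FireEye’s has to perform, illustrated as an added example that is not FireEye’s tool or any code from the article: a toy federated sign-on in Python in which an on-premises identity provider signs tokens with a key and a cloud service accepts any token that key signed. An attacker holding the stolen signing key mints a token for an administrator without logging in, and the cloud cannot tell it from a real one; the hunting routine then flags accepted tokens that the identity provider never issued or whose lifetime exceeds policy, and rotating the key shows why eviction has to include the key, not just the malware. The names (USERS, IdentityProvider, CloudService, run_scenario), the HMAC signing, the JSON claim layout and the sample accounts are all assumptions for the illustration; real federation tokens are XML signed with an RSA certificate, and the real logs are the cloud sign-in log and the federation server’s event log.

```python
import base64
import hashlib
import hmac
import json
import os

# Constructed user database for the toy identity provider (not real credentials).
USERS = {"alice@example.com": "correct-horse-battery-staple"}
MAX_TOKEN_LIFETIME = 3600  # seconds; the longest token the legitimate IdP ever issues

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(signing_key: bytes, claims: dict) -> str:
    """Sign a claim set with the federation key (HMAC stands in for XML-DSig/RSA)."""
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(signing_key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)

def verify_token(signing_key: bytes, token: str, now: int):
    """Return the claims if the signature verifies and the token is unexpired, else None."""
    body_b64, sig_b64 = token.split(".", 1)
    body = _unb64(body_b64)
    expected = hmac.new(signing_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig_b64)):
        return None
    claims = json.loads(body)
    return claims if claims["exp"] > now else None

class IdentityProvider:
    """On-premises federation server: checks the password, signs a token, logs the issuance."""
    def __init__(self, signing_key: bytes):
        self.signing_key = signing_key
        self.issuance_log = []  # (token id, subject) for every token it really signed

    def login(self, user: str, password: str, now: int):
        if USERS.get(user) != password:
            return None
        token_id = f"idp-{len(self.issuance_log) + 1}"
        claims = {"sub": user, "iat": now, "exp": now + MAX_TOKEN_LIFETIME, "jti": token_id}
        self.issuance_log.append((token_id, user))
        return sign_token(self.signing_key, claims)

class CloudService:
    """Relying party standing in for Microsoft 365: trusts whatever the key signed."""
    def __init__(self, signing_key: bytes):
        self.signing_key = signing_key
        self.signin_log = []  # claims of every accepted token

    def accept(self, token: str, now: int) -> bool:
        claims = verify_token(self.signing_key, token, now)
        if claims is None:
            return False
        self.signin_log.append(claims)
        return True

def find_forged_signins(idp_log, cloud_log):
    """Hunt: accepted tokens the IdP never issued, or with a lifetime the IdP never grants."""
    issued = {token_id for token_id, _ in idp_log}
    hits = []
    for claims in cloud_log:
        reasons = []
        if claims["jti"] not in issued:
            reasons.append("no IdP issuance event")
        if claims["exp"] - claims["iat"] > MAX_TOKEN_LIFETIME:
            reasons.append("lifetime exceeds IdP policy")
        if reasons:
            hits.append((claims["sub"], reasons))
    return hits

def run_scenario():
    now = 1_600_000_000
    key = os.urandom(32)
    idp, cloud = IdentityProvider(key), CloudService(key)
    # 1. Normal federated login: password checked, token issued and logged on-prem.
    legit = cloud.accept(idp.login("alice@example.com", USERS["alice@example.com"], now), now)
    # 2. Attacker holding the stolen key mints an admin token good for a year. No password,
    #    no IdP event, but the signature verifies, so the cloud lets it straight in.
    forged_token = sign_token(key, {"sub": "admin@example.com", "iat": now,
                                    "exp": now + 365 * 86400, "jti": "forged-1"})
    forged = cloud.accept(forged_token, now)
    # 3. Eviction: rotate the signing key; the same forged token is now rejected.
    forged_after_rotation = CloudService(os.urandom(32)).accept(forged_token, now)
    return {
        "legit_accepted": legit,
        "forged_accepted": forged,
        "flagged": find_forged_signins(idp.issuance_log, cloud.signin_log),
        "forged_after_rotation": forged_after_rotation,
    }

if __name__ == "__main__":
    print(json.dumps(run_scenario(), indent=2))
```

The two signals in find_forged_signins are the ones worth automating against real logs: a federated sign-in at the cloud with no corresponding issuance event on the federation server, and a token lifetime the federation server would never have granted. Signature checks alone cannot catch a token minted with the legitimate key, which is why the scenario ends with key rotation rather than with a better verifier.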

They tended to zero in on two types of accounts, said Carmakal: users with access to high-value information, and high-level network administrators, whose accounts reveal what measures were being taken to try to kick the intruders out.

If it’s a software company, the hackers will want to examine the data repositories of top engineers. If it’s a government agency, corporation or think tank, they’ll seek access to emails and documents with national security and trade secrets and other vital intelligence.
