Cyber, this is how Russia challenges Biden again

by Start Magazine editorial staff

The Russian hacker attack affected thousands of government computers and appeared to be aimed at acquiring data stored in the cloud. Trouble in sight for Microsoft and Amazon, writes the NYT

Russia's leading intelligence agency has launched another campaign to break into thousands of US government computers, also threatening companies and think tanks, Microsoft officials and cybersecurity experts said last Sunday, just months after President Biden imposed sanctions on Moscow in response to a series of sophisticated spying operations Russia had conducted around the world. The New York Times writes about it.

The new effort is "very large, and it is underway," Tom Burt, a top security officer at Microsoft, said in an interview. Government officials confirmed that the operation, apparently aimed at acquiring data stored in the cloud, appeared to come from the S.V.R., the Russian intelligence agency that was the first to enter the Democratic National Committee networks during the 2016 elections. While Microsoft insisted that the percentage of successful breaches was minimal, it did not provide enough information to accurately measure the severity of the theft.

Earlier this year, the White House blamed the S.V.R. for the so-called SolarWinds hack, a highly sophisticated attack that altered the software used by government agencies and the nation's largest corporations, giving the Russians wide access to 18,000 users. President Biden said the attack undermined confidence in the government's core systems and vowed retaliation for both the intrusion and election interference. But when he announced sanctions against Russian financial institutions and technology companies in April, he scaled back the penalty. "I was clear with President Putin that we could go further, but I chose not to," Biden said at the time, after calling the Russian leader. "Now is the time for a de-escalation."

American officials insist that the attack reported by Microsoft falls into the category of espionage that the great powers regularly conduct against each other.
Still, the operation suggests that even as the two governments say they meet regularly to combat ransomware and other Internet-age threats, the undermining of networks continues apace, in an arms race that has accelerated since the countries began to seek information on Covid-19 vaccines and a variety of trade secrets.

"The spies are going to spy," said John Hultquist, the vice president of intelligence analysis at Mandiant, the company that first detected the SolarWinds attack, at the Cipher Brief Threat Conference on Sea Island, where many cyber experts and intelligence officials met. "But what we have learned from this is that the S.V.R., which is very good, is not slowing down."

It is not clear how successful the last campaign was. Microsoft said it had notified more than 600 organizations that approximately 23,000 attempts had been made to break into their systems. But it also said it had detected only 20,500 targeted attacks by "all national state actors" in the past three years. Microsoft further stated that only a small percentage of the latest attempts were successful, but did not provide details or indicate how many of the organizations were compromised.

American officials confirmed that the operation, which they consider routine espionage, took place. But they insisted that if it succeeded, it was Microsoft, along with the other cloud service providers, that bore much of the responsibility. A senior administration official called the latest attacks "unsophisticated and routine operations that could have been avoided if cloud service providers had implemented basic cybersecurity practices." "We can do a lot of things," the official said, "but the responsibility for implementing simple cybersecurity practices to lock their - and by extension, our - digital doors lies with the private sector."

Government officials have pushed to put more data in the cloud because it is much easier to secure the information there.
Amazon manages the cloud contract of the C.I.A.; during the Trump administration, Microsoft won a huge contract to move Pentagon data to the cloud, even though the program was recently scrapped by the Biden administration amid a lengthy legal dispute over how it was awarded. But the most recent attack by the Russians, experts said, was a reminder that moving to the cloud is not a solution - especially if those administering cloud operations are using insufficient security.

Microsoft said the attack focused on its "resellers", companies that customize the use of the cloud for businesses or academic institutions. Russian hackers apparently calculated that if they could infiltrate resellers, these companies would have high-level access to the data they wanted - whether it was government emails, defense technologies, or vaccine research. The Russian intelligence agency was "attempting to replicate the approach it used in past attacks by targeting organizations in the global information technology supply chain," Burt said.

That supply chain is the main target of Russian government hackers - and increasingly, Chinese hackers, who are trying to replicate Russia's most successful techniques. In the SolarWinds case late last year, targeting the supply chain meant that Russian hackers had stealthily changed the computer code of the network management software used by companies and government agencies, surreptitiously injecting the corrupt code just as it was being shipped to 18,000 users. Once these users updated to the new software version - as tens of millions of people update an iPhone every few weeks - the Russians suddenly had access to their entire network.

In the latest attack, the S.V.R., known as a stealth operator in the cyber world, used techniques more similar to brute force.
As described by Microsoft, the foray primarily involved deploying a huge database of stolen passwords in automated attacks designed to get Russian government hackers into Microsoft's cloud services. It's a messier and less efficient operation - and it would only work if some of Microsoft's cloud service resellers didn't enforce some of the cybersecurity practices the company demanded of them last year. Microsoft said in a blog post to be made public on Monday that it would do more to enforce its resellers' contractual obligations to put security measures in place.

"What the Russians are looking for is systemic access," said Christopher Krebs, who headed the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security until he was fired by Trump last year for declaring that the 2020 elections were handled honestly and without significant fraud. "They don't want to try to get into the accounts one by one."

Federal officials say they are aggressively using President Biden's new authorities to protect the country from cyber threats, most notably by monitoring a large new international effort to stop ransomware gangs, many of which are based in Russia. With a new and much larger team of senior officials overseeing the government's cyber operations, Biden has been trying to enforce security changes that should make attacks like the most recent one much more difficult to pull off.

In response to SolarWinds, the White House announced a series of deadlines for government agencies, and all contractors dealing with the federal government, to carry out a new round of security practices that would make them more difficult targets for Russian, Chinese, Iranian and North Korean hackers. These included basic steps such as a second method of authenticating who is entering an account, similar to how banks or credit card companies send a code to a cell phone or other device to ensure a stolen password is not used.
But adherence to the new standards, even if improved, remains uneven. Companies often oppose government mandates or say that no set of regulations can meet the challenge of securing different types of computer networks. The administration's attempt to require companies to report breaches of their systems to the government within 24 hours, or be subject to fines, has met with intense opposition from corporate lobbyists.

(Extract from the foreign press review by Epr Comunicazione)