Wednesday, December 1, 2021

Alleged Russian hacks of Microsoft service providers expose cybersecurity loopholes

Cyber security experts say Microsoft’s recent revelation that alleged Russian hackers successfully attacked multiple IT service providers this year is a sign that many US IT companies have invested little in the security measures needed to protect themselves and their customers from intrusions.

But a consortium of US-based IT professionals says the industry’s efforts to combat foreign hacking attacks are being hampered because their customers are not practicing good cyber habits and the federal government is not doing enough to punish and prevent hackers.

In a blog post on October 24, Microsoft said that a Russian nation-state hacking group it calls Nobelium had spent three months attacking companies that resell, customize and manage Microsoft cloud services and other digital technologies for public and private customers. Microsoft said it notified 609 of the companies, known as managed service providers, or MSPs, that they were attacked 22,868 times by Nobelium from July 1 to October 19 this year.

‘Famous Technique’

In its October 24 blog post, Microsoft said it had determined that “14” of the resellers and service providers were compromised in the Nobelium attacks, which it said involved “well-known technologies, such as password spray and phishing, stealing valid credentials and gaining privileges.”

Nobelium is the same group that Microsoft blamed last year for the cyber attack on US software company SolarWinds. That attack involved inserting malicious code into SolarWinds’ IT performance monitoring system, Orion, and gave hackers access to the networks of thousands of US public and private organizations that use Orion to manage their IT resources.

FILE – President Joe Biden meets with members of his cabinet, the national security team, and leaders from the private sector and academia to discuss how to collectively improve the nation’s cyber security, in the East Room of the White House in Washington, August 25, 2

The White House said in April that it believed the perpetrators of the SolarWinds hack were part of the Russian Foreign Intelligence Service, or SVR.

In an October 29 statement published by Russian network RBC TV, Russia’s foreign ministry rejected as “baseless” Microsoft’s allegation that the SVR was behind the recent cyberattacks on IT companies. It also said Microsoft should have shared data on the attacks with the Russian government’s National Coordination Center for Computer Incidents to facilitate a “professional and effective dialogue” to identify those involved.

VOA asked Microsoft if the company had communicated with Moscow about the latest hacking incidents, but Microsoft declined to comment.

It also did not disclose the names or locations of any of the IT companies targeted or compromised.

Charles Weaver, chief executive of the US-based International Association of Cloud and Managed Service Providers, also known as MSPAlliance, told VOA that he had not heard of any members of his organization being affected by the latest Nobelium attacks.

MSPAlliance describes itself as the world’s largest industry group for people who manage hardware, software, and cloud computing services for customers. It says it has over 30,000 members worldwide, of whom about two-thirds are based in North America.

Insufficient attention

The clearly successful cyberattacks on Microsoft-linked IT companies are a sign that US MSPs are not placing enough priority on cyber security, said Jake Williams, chief technology officer at US cyber security company BreachQuest and a former member of the US National Security Agency’s elite hacking team.

“The profit margins for MSPs are often very low, and in most cases, they compete solely on cost,” Williams told VOA in an interview. “Any work they do that doesn’t directly translate into additional revenue is generally not happening.”

FILE - In this August 22, 2019, photo on a bank of computers, signs tell visitors that machines are not working at the public library in Wilmer, Texas.

One cybersecurity practice that more MSPs should adopt is sharing information about hacking incidents with US officials, said James Curtis, cybersecurity program director at Webster University in Missouri, in conversation with VOA’s Russian service.

Curtis, a retired US Air Force cyber officer and former IT industry executive, said MSPs don’t like to admit they have been hacked.

“They don’t want to share that their users’ information has been stolen, because it could hurt their bottom line and hurt their stock prices, and so they try to handle it internally,” he said.

“The MSP community is not perfect,” Weaver said. “Our members face a lot of cyber attacks and their job is to protect their customers from these things. For 21 years, MSPAlliance has strived to promote best practices to our global community, and we will continue to improve as quickly as we can.”

But Weaver said the criticism of MSPs for not paying enough attention to cyber security is misplaced.

Customer practice

“MSPs are urging their customers to make easy and affordable improvements like adopting multifactor authentication and backing up their data to the cloud,” Weaver said. “But I personally have seen a lot of non-conformity among customers. They have to be the ones who ultimately pay and allow MSPs to implement those improvements.”

The Biden administration has also used a variety of tools this year to try to protect US bases from Russian and other foreign hackers. In May, President Joe Biden issued an executive order for US officials to tighten cybersecurity contractual requirements for IT companies working with the federal government. The order said companies should be required to share more information with federal agencies about cyber incidents affecting the IT services provided to those agencies.

In an earlier action in April, the Biden administration sanctioned six Russian technology companies for providing support to malicious cyber activities of Russia’s intelligence services.

FILE - Deputy National Security Adviser for Cyber Anne Neuberger speaks during the daily briefing at the White House, Sept. 2, 2021, in Washington.

Senior US officials have also used diplomacy to try to expand international participation in a Counter-Ransomware Initiative (CRI). A US National Security Council statement issued on Wednesday said Deputy National Security Adviser Anne Neuberger on Tuesday informed representatives of the countries about the outcome of last month’s first CRI meeting of experts from the ministries of law enforcement, cyber security, financial regulators and foreign affairs.

Chris Morgan, an intelligence analyst at UK-based cyber security company Digital Shadows, told VOA that strong cybersecurity practices mandated by the US government for federal contractors will not be voluntarily adopted by IT companies operating in the private sector. One such mandatory practice is for federal contractors to adopt a “zero-trust” security model, in which users who log into a network are not automatically trusted to do whatever they like within that network but instead have to go through continuous authentication.

Big government role

“Implementing zero-trust is a real change in the way you manage your network and that comes with significant costs. I think this is why a lot of companies are hesitant to do that,” Morgan said, adding that many people would like the US government to play a more active role in combating cybercrime “[through promoting measures like zero-trust].”

Weaver of MSPAlliance said it’s not a good idea to apply federal cybersecurity regulations to the entire private sector because different industries, such as banking, healthcare and energy, have different IT needs.

He also said that the US government can effectively stop ransomware attacks by doing more to hold criminals accountable.

“Cyber attacks are big business, yet hackers are in countries beyond the reach of our law enforcement,” Weaver said. “So you have a business model that has no deterrence to stop. And we have IT protectors against those attacks. I don’t think imposing rules on guardians will solve that.”


This article is republished from VOA News. Read the original article.

Nation World News Desk