
Time for the U.S. to Strike Back?

Almost exactly one month ago, I wrote a post reporting on the SolarWinds
security fiasco: a supply chain attack apparently carried out by Russian
actors. (If by any chance you don’t know about this case, I recommend you
start with that post.) Early last year, a SolarWinds Orion software update
was trojanized with malware, and thousands of corporate customers and
several U.S. federal agencies installed it on their systems. It took nine
months or so for a cybersecurity company (FireEye, itself among the
victims) to realize that ‘Russian spies’ were already inside, skulking
around, studying organizational processes and collecting private
information.

Kevin Mandia, CEO of FireEye, recently explained to CBS News’ 60 Minutes
how it all started when a staff member noticed that something was wrong.
Apparently, in the middle of the two-factor authentication process, one
employee’s account showed two phones registered in his name, when there
is usually only one. “Suspicious, FireEye turned its gaze inward and saw
intruders impersonating its employees snooping around inside their
network,” according to CBS. That internal investigation raised the alarm,
especially once they discovered that the entry point could be the popular
SolarWinds Orion software.
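The detail that tipped FireEye off, an unexpected second MFA device on one account, is exactly the kind of signal an identity log can be watched for. As an added illustration (not code from the original post, FireEye or CBS), here is a minimal detection over constructed MFA-enrollment log lines: it flags a user whose registered device count exceeds a baseline, a newly added (non-first) device used within an hour of enrollment, and a successful challenge on a device with no enrollment on record. The log format, field names and the one-device baseline are assumptions for illustration.

```python
"""Detect suspicious MFA device registrations in an identity log.

Added example, not code from the original post, FireEye or CBS. The
newline-delimited JSON format, the field names and the one-device
baseline are assumptions for illustration.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log (not real data): one MFA event per line.
SAMPLE_LOG = """\
{"ts": "2020-11-20T09:02:11Z", "user": "alice", "event": "mfa_device_enrolled", "device": "phone-1", "ip": "10.0.0.12"}
{"ts": "2020-11-20T09:03:40Z", "user": "bob", "event": "mfa_device_enrolled", "device": "phone-7", "ip": "10.0.0.31"}
{"ts": "2020-11-20T09:05:02Z", "user": "bob", "event": "mfa_challenge_ok", "device": "phone-7", "ip": "10.0.0.31"}
{"ts": "2020-12-01T22:17:05Z", "user": "alice", "event": "mfa_device_enrolled", "device": "phone-9", "ip": "203.0.113.77"}
{"ts": "2020-12-01T22:19:30Z", "user": "alice", "event": "mfa_challenge_ok", "device": "phone-9", "ip": "203.0.113.77"}
{"ts": "2020-12-02T08:05:00Z", "user": "carol", "event": "mfa_challenge_ok", "device": "phone-3", "ip": "10.0.0.40"}
"""


def parse_events(text):
    """Parse newline-delimited JSON events and return them sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc
        )
        events.append(rec)
    events.sort(key=lambda r: r["ts"])
    return events


def detect(text, baseline_devices=1, use_window=timedelta(hours=1)):
    """Return a list of alert dicts for the MFA events in `text`.

    Rules (thresholds are assumptions for illustration):
      extra_mfa_device        - a user's device count exceeds baseline_devices
      new_device_used_quickly - a device that is not the user's first device
                                is used within use_window of its enrollment
      unknown_mfa_device      - a challenge succeeds on a device that was
                                never enrolled in the log
    """
    # user -> {device_id: enrollment event}; dicts keep insertion order,
    # so the first key is the user's first (baseline) device.
    devices = defaultdict(dict)
    alerts = []
    for ev in parse_events(text):
        user, device = ev["user"], ev["device"]
        if ev["event"] == "mfa_device_enrolled":
            devices[user][device] = ev
            if len(devices[user]) > baseline_devices:
                alerts.append({
                    "rule": "extra_mfa_device",
                    "user": user,
                    "device": device,
                    "device_count": len(devices[user]),
                    "enrolled_from": ev["ip"],
                })
        elif ev["event"] == "mfa_challenge_ok":
            enrollment = devices[user].get(device)
            if enrollment is None:
                # Assumes the log covers every enrollment; in production,
                # seed `devices` from the identity provider's inventory.
                alerts.append({
                    "rule": "unknown_mfa_device",
                    "user": user,
                    "device": device,
                    "used_from": ev["ip"],
                })
                continue
            first_device = next(iter(devices[user]))
            age = ev["ts"] - enrollment["ts"]
            # A brand-new user using their first device right away is normal;
            # a second device used minutes after enrollment is not.
            if device != first_device and age <= use_window:
                alerts.append({
                    "rule": "new_device_used_quickly",
                    "user": user,
                    "device": device,
                    "seconds_since_enrollment": int(age.total_seconds()),
                    "enrolled_from": enrollment["ip"],
                    "used_from": ev["ip"],
                })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(json.dumps(alert))
```

On the constructed sample, alice’s second phone trips both the device-count rule and the quick-use rule, while bob enrolling and immediately using his first phone stays quiet. The first-device exemption is what keeps routine onboarding from paging anyone; the device-count baseline should come from the identity provider’s inventory rather than from a log window that may not reach back to the original enrollments.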

How did the attackers react to FireEye’s alarm after going unnoticed for
so long? Even more curious, how much time would it have taken U.S. federal
agencies to discover this intrusion if FireEye had not detected it? These
are questions for which we have no answers. It is worth recalling that
the affected agencies include the U.S. departments of Treasury,
Commerce, State, and Justice, as well as the National Nuclear Security
Administration and even the Pentagon. A tremendous amount of a nation’s
critical data is what a group of ‘Russian cyber soldiers’ could, and
possibly still can, access.

“Spies,” “soldiers”: these are not words I’m choosing on the spur of the
moment. Media such as the one I’m using as a reference in this
particular case (i.e., CBS News) already speak of a “cyber war between
the United States and Russia.” Since the first reports on this event,
experts have spoken of a highly sophisticated and unprecedented attack.
(To me, this is one of the main clues that lead many to conjecture that
this is a government-sponsored assault.) Apart from expressing his
astonishment at what has happened, Brad Smith, president of Microsoft
(another affected firm), declared that, according to his company’s
investigations, more than 1,000 Russian cyberattackers must have been
involved. No doubt, by suggesting that number, he lends weight to the
idea that this means war.

A Russian intelligence agency is allegedly implicated in all of this.
Perhaps it is the same agency credited with a similar tactic, a poisoned
software update, against multiple systems and networks in Ukraine in
2017, using the malware known as NotPetya. (Or maybe it is another one,
the SVR.) The big difference was that on that occasion the GRU, Russia’s
military intelligence agency, did not limit its activities to espionage
but rendered vast numbers of devices unusable. As Brad Smith said, “It
literally damaged more than 10% of that nation’s computers in a single
day.” Now the questions are: will this U.S.-focused SolarWinds supply
chain attack escalate beyond espionage? What implications may arise from
the Russians’ collection of mostly political and military data? ‘Nobody’
knows.

Figure 1. Russia. Photo by Elena Mozhvilo on Unsplash.

Expert opinions

Jon Miller, Founder and CEO of Boldend, referred to this case as a
“watershed style attack” with which Russia has made us doubt the
security of any software we use in our daily routine. For Miller, the
malware that SolarWinds unwittingly distributed down its supply chain
could easily be modified by its creators to go beyond its current
function and destroy devices across networks.

Chris Inglis is a member of the U.S. Cyberspace Solarium Commission, a
congressionally chartered body dedicated to devising strategies to
defend the country against cyberattacks. Given the current state of
affairs, he is among those who assume that, in order to get rid of this
infection entirely, victims would have to get rid of all the hardware
and software involved. (That reminds me of Vaughan-Nichols’s words.)
Inglis recognized that the U.S. has a significant problem in the absence
of a common line of defense for private enterprise and government, and
he suggested greater collaboration between these parties in identifying
and treating cyber threats.

In the meantime, this incident is still ongoing, with newly breached
companies joining the list of victims. In line with what Miller said,
this is one case where you discover the surreptitious attack, but even
so, it doesn’t stop. Perhaps that is because the U.S. is not completely
sure who the attackers are. Miller, however, believes that the
government will succeed in identifying them but, as on other occasions,
will not arrest them and will only deny them entry to the U.S. For him,
the nation needs to define limits that oblige it to respond with attacks
when its rivals overstep them. It seems that the United States takes no
offensive action, intimidates no one, and therefore absorbs attack after
attack in cyberspace.

James A. Lewis, Director at the Center for Strategic and International
Studies, expects the Biden administration to bring with it an offensive
strategy in which the U.S. finally responds to countries such as Russia
and China. While accepting this as risky, with the possibility of
generating a major conflict, he called it a priority to begin
experimenting with cyberattacks against the Russians. Lewis even listed
interfering with their media and financial activities as options. “The
goal is to make them afraid,” he said. Following Lewis, it would be an
essential step to get the U.S. out of the current mess and to avoid
further complications of this nature.

I’d like to know what Russians think when they read such suggestions in
the media. Where might a United States counterattack lead us? How would
the Russians react? Could a cyberwar become the bedrock of a new
catastrophic human confrontation with destructive weapons? Am I going
overboard with my inquiries?

What do you think? Is it time for the U.S. to strike back?

*** This is a Security Bloggers Network syndicated blog from Fluid Attacks RSS Feed authored by Felipe Ruiz. Read the original post at: https://fluidattacks.com/blog/solarwinds-us-strike-back/