The Senate Homeland Security and Governmental Affairs Committee will be holding a hearing on “Understanding and Responding to the SolarWinds Supply Chain Attack: The Federal Perspective” on Thursday March 18.
Speaking of which, Bleeping Computer reports that as of March 11, 2021 “CISA officials said that, so far, there is no evidence of US federal civilian agencies compromised during ongoing attacks targeting Microsoft Exchange servers. This statement is based on information collected by federal agencies following an emergency directive issued by the US Cybersecurity and Infrastructure Security Agency (CISA) one week ago.”
Following up on this story, Cyberscoop reports that
Suspected Chinese government-linked hackers were the first to allegedly exploit the Microsoft vulnerabilities. As soon as the company released a fix for the bugs, though, taking the issue public, a range of other hacking groups also appeared to try leveraging the flaws. At least ten different advanced threat groups are working to exploit the vulnerabilities now, according to ESET research, while other hackers have stolen email data and others have tried to generate financial revenue.
But with such a large list of victims — 30,000 organizations in the U.S. alone, according to some estimates — and so many attackers trying to leverage the flaws, there is little hope for cybersecurity professionals and affected entities to keep up with the sheer volume of exploits and attackers pummeling them, analysts say. In addition to patching the holes in Microsoft technology, organizations should also be working to evict hackers from their networks, and remain on alert for data theft, credential theft and other potentially damaging follow-up attacks. Security analysts also are warning that the flaws could open the pathway for ransomware attacks, meaning that if organizations fail to act now, it could cost them later.
Here is a link to the latest CISA remedial guidance on the Microsoft vulnerabilities.
Cyberscoop adds that
Over the last several days, Allison Nixon, the chief research officer at cybersecurity consulting firm Unit 221B, rounded up her team to develop a website that would help alert organizations if they’ve been comprised.
The Unit 221B website is designed so users can search to see if they are using compromised Exchange servers with Outlook Web Access (OWA) enabled. Users can go to the site, which launched Tuesday, directly from their Exchange server, which will allow Unit 221B to check their IP address against their victim list. Victims will then be alerted if they are compromised and if the attackers loaded webshells, a malicious tool used to establish a foothold inside targets, Nixon says.
Creating a data backup is one of the most crucial steps that organizations can take right now to protect themselves, Nixon said. Organizations that don’t make a backup of their servers but that do get hit with a ransomware attack, in which hackers lock up their machines and extort them for money, run the risk of losing their businesses entirely, Nixon warned. “It doesn’t matter if they don’t have a regular backup program, or they don’t have a fancy IT team — they just need to take a copy of their servers … put it on a hard drive, put it it in a safe: A one-time thing this week,” Nixon said.
In federal personnel news, Nextgov informs us that the U.S. Office of Personnel Managements chief information officer (CIO) Clare Martorana has been named the federal government’s CIO. Congratulations to her. OPM Principal Deputy CIO Guy Cavallo will serve as acting CIO until a permanent replacement is named, an OPM spokesperson told Nextgov.