As we reported previously, the US government and other private parties were the target of cyberattacks with no confirmed author or authors (although the Russian government is strongly suspected, through the Russian military intelligence unit called "Cozy Bear"). This came after their IT provider (SolarWinds) failed to notice that hackers had inserted a "vulnerability" in the updates that the company published for its Orion software.
Apparently, as a result of these attacks, confidential government data was exposed, not for a day but over the last months, The Hill reported.
In that sense, Bennie Thompson, chairman of the House of Representatives (Congress) Committee on National Security, noted: “Congress must understand the scope of what happened and what resources federal agencies will need to secure their networks.”
On the other hand, Roger Wicker, chairman of the Senate Commerce Committee, indicated: “While many details are still unknown, the attack emphasizes the importance of cybersecurity and rapid responses to incidents across all federal agencies (…) Cyber attacks from states such as Russia and China threatened our economy and national security. Our response must be quick and clear.”
The worst part? The attack not only involved the Department of Homeland Security, the Treasury, Commerce, and the National Telecommunications Administration, but also involved entities from the military, the Justice Department, the National Security Agency, the Postal Service, and other large-capital companies. Why? All of these entities had business relationships with SolarWinds; that is, they had the software in question installed on their systems.
For its part, SolarWinds indicated that hackers may have accessed its institutional emails by taking advantage of some features of Microsoft Office 365. In response, Microsoft maintained that it had not identified any vulnerability in its cloud products, but did not rule out the possibility that what happened involved some vulnerability in its product, on the grounds that this was “nation-state activity on a significant scale.”
Other members of Congress also described the events as "devastating" and pointed out that they created unacceptable risks for the security of Americans, so everything possible should be done to ensure this does not happen again. Some were more severe, such as the Vice Chairman of the Senate Intelligence Committee, Mark Warner, who noted: “We must make it clear that there will be consequences.”
Finally, the most serious point is that there is no certainty about what information the attackers had access to or what purposes it could serve. To make a difficult situation worse, as we pointed out in a previous note, the Cybersecurity and Infrastructure Security Agency (CISA) is without its main officials to deal with the problem. This follows (i) the Trump administration's decision to eliminate the position of "director of cybersecurity" and (ii) the departure of other senior officials.
Is it possible that this lack of leadership in cybersecurity was exploited by the perpetrators of the massive hack, or was it a great coincidence?