AUSTIN, TX – A massive cyber attack on the supply chain company SolarWinds in Austin has been felt through the entire government, including control systems for some of our nuclear weapons and tracking systems, analysts say.
According to SolarWinds, this malware was present as a Trojan horse in updates from March through June 2020.
This means any customers who downloaded the Trojaned updates also got the malware.
While not all customers who got the malware have seen it used for attacks, it has been leveraged for broader attacks against the networks of some strategically critical and sensitive organizations.
Those attacked include FireEye, the US Treasury Department, the US Department of Commerce’s National Telecommunications and Information Administration (NTIA), the Department of Health’s National Institutes of Health (NIH), the Cybersecurity and Infrastructure Agency (CISA), the Department of Homeland Security (DHS), and the US Department of State.
Hackers believed to be part of a nation state have had access to federal networks since March after exploiting a vulnerability in updates to IT group SolarWinds’s Orion software.
The hack has compromised the Treasury, State and Homeland Security departments and branches of the Pentagon, though it is expected to get worse. SolarWinds counts many more federal agencies as customers, along with the majority of U.S. Fortune 500 companies.
Richard Clarke, the cybersecurity czar who served under President George W. Bush, explained:
“This is the largest espionage attack in history. This is as though the Russians got a passkey, a skeleton key for about half the locks in the country. Think about it that way. It’s 18,000 companies and government institutions scattered around the U.S. and the world. This is an espionage attack.”
James Inhofe (R-OK), Senate Armed Services Committee Chairman, and Jack Reed (D-RI), ranking member, released a joint statement on Thursday:
“The cyber intrusion appears to be ongoing and has the hallmarks of a Russian intelligence operation.
“One of the immediate steps the Administration can take to improve our cyber posture is signing the NDAA (National Defense Authorization Act) into law. The NDAA is always ‘must-pass’ legislation – but this cyber incident makes it even more urgent that the bill become law without further delay.”
On Thursday, Politico reported that the Energy Department’s National Nuclear Security Administration, which maintains the nation’s nuclear weapons stockpile, was also compromised, further raising the stakes.
Lawmakers say the scope of the attack, widely presumed to be by Russia, which has denied responsibility, demands some kind of response.
Senate Minority Whip Dick Durbin (D-IL) said:
“We can’t be buddies with Vladimir Putin and have him at the same time making this kind of cyberattack on America. This is virtually a declaration of war by Russia on the United States and we should take that seriously.”
Senator Mitt Romney (R-UT) also commented on Thursday:
“This incident is like Russian bombers flying undetected over the entire country.”
Romney harshly criticized President Trump for not doing enough to counter the attack.
“Our national security is extraordinarily vulnerable. In this setting, not to have the White House aggressively speaking out and protesting and taking punitive action is really, really quite extraordinary.”
Senator Angus King (I-ME), co-chair of the Cyberspace Solarium Commission (CSC), reacted:
“No response is not appropriate, and that’s been our national policy by and large for the past 10 or 15 years. I want somebody in the Kremlin, sitting around that table to say, ‘wait a minute boss, if we do this we are liable to get whacked in some way,’ and right now they are not making that calculus.”
Mark Montgomery, a senior fellow at the Foundation for Defense of Democracies, blamed those attacks on the fact that all those countries felt they could do so without incurring a U.S. response.
He compared the state of U.S. cyber defenses to the unprepared state of U.S. health care systems at the beginning of 2020, and advocated for both Congress and the incoming administration to immediately take steps to respond to the latest attack.
“I think we need to look at all the different tools, law enforcement tools such as indictments, and if necessary, military tools that remove the ability of the adversary to use similar tools to attack us.”
Montgomery agreed with the urgent need to sign the bipartisan bill into law, noting that if Trump chose not to, it could further dampen his legacy on cyber defense.
“This NDAA gives the president the opportunity to put his fingerprints on the long-term solutions to our cybersecurity challenges, and to leave the playing field with a win. If he chose not to, his cyber legacy would be an event like SolarWinds.”
Theresa Payton, White House chief information officer during the George W. Bush administration and the current CEO of the cyber consultancy group Fortalice Solutions, stated:
“If somebody flew a plane into our airspace, a military plane, we have an international accord for that, and we don’t really have that for the digital domain.”
In a response independent of the government, Microsoft has released what it calls the “Death Star.”
This week Microsoft took a series of dramatic steps against the recent SolarWinds supply chain attack. In the size, speed and scope of its actions, Microsoft has reminded the world that it can still muster firepower like no one else as a nearly-overwhelming force for good.
Microsoft revealed late Thursday that it had identified more than 40 government agencies, think tanks, non-governmental organizations and IT companies infiltrated by the hackers. It said four in five were in the United States — nearly half of them tech companies — with victims also in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.
Suspected Russian cyber-attack growing in scale, Microsoft warns https://t.co/e8cRO52AIG
— Guardian Tech (@guardiantech) December 18, 2020
In a blog post, Microsoft stated:
“This is not ‘espionage as usual,’ even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world.”
More on Microsoft’s “Death Star” reactions from GeekWire:
“The speed, scope and scale of Microsoft’s response were unprecedented. Specifically, Microsoft did four things over the course of four days that effectively undid the work of the attackers:
1) On Dec. 13, the day this became public, Microsoft announced that it removed the digital certificates that the Trojaned files used. These digital certificates allowed Microsoft Windows systems to believe that those compromised files were trustworthy. In this single act, Microsoft literally overnight told all Windows systems to stop trusting those compromised files which could stop them from being used.
2) That same day, Microsoft announced that it was updating Microsoft Windows Defender, the antimalware capability built into Windows, to detect and alert if it found the Trojaned file on the system.
3) Next, on Tuesday, Dec. 15, Microsoft and others moved to “sinkhole” one of the domains that the malware uses for command and control (C2): avsvmcloud[.]com. Sinkholing is a legal and technical tactic to deprive attackers of control over malware. In sinkholing, an organization like Microsoft goes to court to wrest control of a domain being used for malicious purposes away from its current holder, the attacker.
When successful, the organization can then use its ownership of that domain to sever the attacker’s control over the malware and the systems the malware controls. Sinkholed domains can also be used to help identify compromised systems: when the malware reaches out to the sinkholed domain for instructions, the new owners can identify those systems and attempt to locate and warn the owners. Sinkholing is a tactic that was first used in big attacks in the 2008-2009 battle against Conficker and has been a standard tactic in Microsoft’s toolkit for years, including most recently against TrickBot.
4) Finally, on Wednesday, Dec. 16, Microsoft basically changed its phasers from “stun” to “kill” by changing Windows Defender’s default action for Solorigate from “Alert” to “Quarantine,” a drastic action that could cause systems to crash but will effectively kill the malware when it finds it. This action is important, too, because it gives other security companies license now to follow suit with this drastic step: Microsoft’s size and leadership of its platform give cover to other security companies that they wouldn’t otherwise have.”
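The sinkholing step described above identifies compromised systems by watching which machines contact the C2 domain. As an added example (not code from the article, GeekWire or Microsoft), here is one way a defender could apply the same idea to their own DNS resolver logs, searching for clients that looked up the domain named in step 3. The log format, client addresses and subdomain labels are constructed for illustration.

```python
# C2 domain exactly as the article prints it (defanged with "[.]").
C2_INDICATOR = "avsvmcloud[.]com"

# Constructed sample resolver log: "<UTC timestamp> <client IP> <query name> <type>".
# Client addresses and subdomain labels are made up for illustration.
SAMPLE_LOG = """\
2020-12-14T09:12:01Z 10.0.4.17 a1b2c3.sub.avsvmcloud.com. CNAME
2020-12-14T09:12:05Z 10.0.4.22 www.example.com. A
2020-12-14T09:40:10Z 10.0.4.17 AVSVMCLOUD.COM A
2020-12-14T10:02:33Z 10.0.9.8 notavsvmcloud.com. A
2020-12-14T10:05:00Z 10.0.9.8 avsvmcloud.com.example.net. A
2020-12-14T10:06:00Z 10.0.9.8
2020-12-16T08:00:00Z 10.0.7.3 d4e5f6.avsvmcloud.com. A
"""


def refang(indicator):
    """Turn a defanged indicator ("[.]") back into a plain DNS name."""
    return indicator.replace("[.]", ".").strip().lower().rstrip(".")


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.strip().lower().rstrip(".")


def matches_domain(qname, domain):
    """True for the domain itself or any subdomain, matched on label boundaries.

    Matching on "." + domain avoids false hits on lookalikes such as
    "notavsvmcloud.com" or "avsvmcloud.com.example.net".
    """
    name = normalize(qname)
    return name == domain or name.endswith("." + domain)


def find_c2_clients(log_text, indicator=C2_INDICATOR):
    """Return {client_ip: {"count", "first_seen", "last_seen"}} for matching queries."""
    domain = refang(indicator)
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed or truncated lines rather than guessing
        timestamp, client, qname, _qtype = fields
        if not matches_domain(qname, domain):
            continue
        entry = hits.setdefault(
            client, {"count": 0, "first_seen": timestamp, "last_seen": timestamp}
        )
        entry["count"] += 1
        # Same-format ISO 8601 UTC timestamps order correctly as strings.
        entry["first_seen"] = min(entry["first_seen"], timestamp)
        entry["last_seen"] = max(entry["last_seen"], timestamp)
    return hits


if __name__ == "__main__":
    for client, info in sorted(find_c2_clients(SAMPLE_LOG).items()):
        print(client, info)
```

Any client this reports looked up the C2 domain and is a candidate for closer investigation.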
One of the largest cyberattacks on medical infrastructure in history just hit a major hospital chain
September 29, 2020
WASHINGTON DC – It’s an attack that shows just how fragile our infrastructure is.
One person died during the attack, and the attack may well have been the cause.
A major hospital chain has been hit by what appears to be one of the largest cyberattacks on medical infrastructure in US history. https://t.co/cVHiQWXZP0
— NBC News (@NBCNews) September 28, 2020
The major hospital conglomerate may have fallen victim to a ransomware cyberattack, according to NBC News. Because the computer systems were failing as a result of the attack, hospital personnel were forced to go old school in using pen and paper to notate patient files.
The hospital released a statement on September 28th, which read:
“The IT Network across Universal Health Services (UHS) facilities is currently offline, due to an IT security issue. We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible.
“In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively. No patient or employee data appears to have been accessed, copied or misused.”
Ransomware is software that typically infects computer systems when an unsuspecting person clicks on an item they believe comes from a trusted source but that has been disguised. Once the victim begins clicking on the links provided in the email, the ransomware opens and infects the network.
Once the hacker gains control of the network, they lock it down, preventing anyone from accessing it unless the business or person pays whatever amount of money the hacker demands.
According to NBC, two nurses with UHS said they believe the cyberattack occurred over the weekend. This attack eventually led to all of the information on the network no longer being accessible to the hospitals.
Another nurse, who works somewhere in North Dakota, told the outlet that they noticed the computers starting to slow over the course of the weekend. By early Sunday morning, the computers would no longer turn on.
Another nurse out of a hospital in Arizona told NBC that the computers just began to shut down on their own. The unnamed nurse said:
“Our medication system is all online, so that’s been difficult.”
It was difficult because the medication information is all kept online and only backed up at the end of each working day. So, when the computers and the network began to go down, the only information hospital staffers had was from the end of the 26th.
Ransomware attacks on hospitals are nothing new. In 2017, a version of the virus called WannaCry was allegedly created by hackers from the North Korean government. The virus infected many countries along the way, as well as the United Kingdom’s National Health System. As a result of the virus, at least 80 different medical facilities were affected.
A computer security engineer, Kenneth White, said that these types of attacks on medical facilities could have deadly consequences. White said:
“When nurses and physicians can’t access labs, radiology or cardiology reports, that can dramatically slow down the treatment, and in extreme cases, force re-routing for critical care to other treatment centers. When these systems go down, there is the very real possibility that people can die.”
In the meantime, the Federal Bureau of Investigation and the Department of Homeland Security have accused the Chinese government of “targeting organizations conducting coronavirus research with cyberattacks, and warned that such companies should take steps to protect their systems, even as they scramble to combat a virus that originated in China,” according to a report from Fox News.
The FBI jointly released a public service announcement with the Cybersecurity and Infrastructure Security Agency (CISA).
That announcement stated, in part:
“The FBI is investigating the targeting and compromise of U.S. organizations conducting COVID-19-related research by [the People’s Republic of China]-affiliated cyber actors and non-traditional collectors.
“These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.
“The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.
“The FBI and CISA urge all organizations conducting research in these areas to maintain dedicated cybersecurity and insider threat practices to prevent surreptitious review or theft of COVID-19-related material.
“FBI is responsible for protecting the U.S. against foreign intelligence, espionage, and cyber operations, among other responsibilities.
“CISA is responsible for protecting the Nation’s critical infrastructure from physical and cyber threats. CISA is providing services and information to support the cybersecurity of federal and state/local/tribal/territorial entities, and private sector entities that play a critical role in COVID-19 research and response.”
These agencies point to increased media coverage of organizational efforts to combat the pandemic as creating a target-rich environment for bad actors.
According to Fox, there is intelligence from numerous countries that “reportedly share the U.S. view” that China actively sought to hide the outbreak from the onset, to the detriment of not only themselves, but the entire world.
As I have said for a long time, dealing with China is a very expensive thing to do. We just made a great Trade Deal, the ink was barely dry, and the World was hit by the Plague from China. 100 Trade Deals wouldn’t make up the difference – and all those innocent lives lost!
— Donald J. Trump (@realDonaldTrump) May 13, 2020
President Trump has been vocal about the origin of the virus and his belief that China attempted to hide it from the global community, often referring to the outbreak as the Chinese virus and Wuhan virus, identifying where it originated.
Colleges and universities have banned those phrases, saying that it is akin to hate speech. Cities have passed orders and ordinances against the use of those phrases.
The mainstream media, of course, deems it racist to refer to the virus as outlined above.
But the President was able to succinctly respond to his critics.
He says that the virus started in a lab in Wuhan, China. The Chinese government apparently tried to cover it up as long as they could, and now they are allegedly going after groups that are researching the pandemic’s origin and how to stop it.
The questions the President poses are what does China have to hide, and is the World Health Organization helping them?
During a recent White House briefing in relation to COVID-19, President Donald Trump broke down the numbers as they relate to China’s and the U.S.’s contributions to the World Health Organization (W.H.O.).
The United States funded the organization much more than China.
In 2019, the U.S. blew $452,000,000.00 on the WHO. China? A measly $42 million. https://t.co/kCTlSihAFY
— Breitbart News (@BreitbartNews) April 9, 2020
While addressing the press on April 8th, President Trump was critical of China’s monetary contributions to the W.H.O. while also being critical of the organization’s response to the pandemic.
Trump started by detailing the 2019 numbers between the U.S. and China:
“Last year, it was $452 million, and China paid $42 million”
From there, the president dove into a few more examples of years prior, where China seemingly contributed roughly 10% of what the United States doled out to the organization. In certain years, he cited that the U.S. had allotted in excess of $500 million.
On top of noting China’s lackluster contributions, he was quick to point out how badly he thought that the W.H.O. dropped the ball:
“World Health got it wrong. I mean, they got it very wrong. In many ways, they were wrong. They also minimized the threat very strongly and not good.”
Not only did the organization appear to get some things wrong when handling the pandemic, but there’s a decent amount of people concerned that they were complicit in China’s cover-up attempts of the virus early on. The W.H.O. even endorsed China’s early-on claims that there was no proof of human-to-human transmission in January.
.@realDonaldTrump is exactly right. @WHO actively participated in China’s #COVID19CoverUp – doing the *exact opposite* of what the organization was created to do: “disseminate public health information of international significance.” https://t.co/xCPSdNzkQX
— Senator Ted Cruz (@SenTedCruz) April 8, 2020
Yanzhong Huang, a global health expert specializing in China, even noted that the organization sullied matters relating to China and the pandemic:
“They could have been more forceful, especially in the initial stages in the crisis when there was a cover-up and there was inaction.”
There is a lot of blame to go around for the uncontrolled outbreak of the coronavirus. China has been widely criticized for covering up the virus even as it ran unabated across that country. Now another entity is coming under fire…the World Health Organization (WHO).
As information started coming out of China about the virus, the WHO was acting arguably dismissive of the virus, standing in lockstep with the Chinese Communist Party’s apparent suppressing of the potency of the disease.
“Preliminary investigations conducted by the Chinese authorities have found no clear evidence of human-to-human transmission of the novel #coronavirus (2019-nCoV) identified in #Wuhan, #China,” WHO tweeted back in January.
January 14: WHO echoes China’s assessment: “Preliminary investigations conducted by the Chinese authorities have found no clear evidence of human-to-human transmission of the novel coronavirus.” Wuhan doctors knew the opposite for at least five weeks. https://t.co/ZZ38IVZrM2
— Jim Geraghty (@jimgeraghty) March 23, 2020
So, after China appeared to either blow off the virus or purposely cover up its severity, especially in the crucial first few weeks of the outbreak where it may have been contained, the virus has now infected some 652,00 people worldwide, including over 116,000 in the United States.
Of that number, nearly 2,000 Americans have died with nearly a quarter of that number being in New York City as of the time of this writing. This is according to Johns Hopkins University, which is tracking the virus in real time.
Fox News has been told that political correctness by the WHO in deliberately underestimating the extent of the virus’ threat led to the current pandemic.
“(WHO) has been trying to be politically correct by underestimating the extent of the threat. They lost some credibility when they stated in late January that the global risk assessment was moderate,” said Dr. Attila Hertelendy, a Florida-based expert in biomedicine.
“For an international body that people (and) governments and the business community looks to for advice, they are simply too slow, burdened by bureaucracy and political correctness.
“They have a great staff working for them, and many of my colleagues are advisors, they just need to listen to them and take action swiftly.”
Hertelendy is not the only one raising alarm bells about the WHO.
Dr. Stanley Weiss, a professor of Medicine and Epidemiology at Rutgers Medical School in New Jersey agreed, saying that the lack of early action has been especially frustrating for the medical community.
“I was personally frustrated at WHO’s apparent great fear in moving from classifying from epidemic to pandemic, all the more given all the evidence we had gathered from China’s experience,” he said.
“Historically, a great strength of the WHO was its expertise in consensus building. Here, we needed leadership, not merely consensus building. It is hard for some organizations to act.”
On December 31 of last year, Chinese authorities notified the WHO of the outbreak of a so-called novel strain of coronavirus which was causing severe illness.
For weeks, the WHO resisted declaring the virus a pandemic, waiting until March 11, a full 2-1/2 months after they were notified by China, to declare it so. Weiss’s opinion is that science is frequently ignored “in favor of the politics within WHO’s vast constituency.”
“The WHO waited much too long to declare a ‘Global Health Emergency,’ a designation that importantly would have alerted public health officials in countries neighboring China to start preparing.
“Similarly, the WHO initially refused to declare a global pandemic, bizarrely claiming that they no longer used this designation, but then ultimately did so,” said Dr. Dena Grayson, a Florida-based expert on infectious diseases.
“This also likely caused substantial delays in preparedness by other nations in advance of this deadly virus.”
There are also some critics who believe that WHO acted as an arm of the Chinese Communist Party (CCP).
Brett Schaefer, a Senior Research Fellow in International Regulatory Affairs at the Heritage Foundation, noted that China has “a well-established record of suppressing information that it considers harmful,” which is nothing new where it concerns the WHO.
“Thus, it is hardly surprising that it failed to be transparent and truthful in reporting details on COVID-19 to WHO and the international community. In fact, this is not the first time this has happened,” he said.
“In 2003, China concealed and denied an infectious disease outbreak—later called SARS—for months.
“Given this history, the willingness of WHO to take China’s statements at face value is shocking.
“WHO leadership is too susceptible to political pressure in its decisions on declaring a public health emergency of international concern (PHEIC), and this needs to be addressed.”
The WHO works as a specialized agency under the auspices of the United Nations, falling under the UN’s Sustainable Development Group. The WHO was established in 1948, the same time the UN was created.
The organization was given the responsibility of being in charge of monitoring public health risks and overseeing responses to emergencies.
The organization is based in Geneva, Switzerland and has an annual operating budget of $2.1 billion, with 194 member states.
Of course, the United States is the biggest contributor to WHO, totaling $400 million in 2017 and is also the largest financier, contributing more money than even the United Nations, followed by South Korea, Australia, the Gates Foundation and finally Japan.
Despite evidence that China downplayed the outbreak late last year, WHO doesn’t appear to be overly concerned.
Some critics have accused the organization of covering up Chinese misconduct at the onset, and instead praising China for the country’s apparent authoritarian clampdown in making it look like they were trying to contain the disease.
It was apparently too little, too late as far as mitigating the spread outside of China.
Some have also criticized the role of WHO’s leader, Ethiopian national Tedros Adhanom Ghebreyesus, who was given the position in 2017 by member states and who is in the middle of a five-year term.
People are questioning whether he “sucked up” to China in order to secure massive donations to the organization.
Ghebreyesus routinely lauds Chinese President Xi Jinping for his handling of the outbreak, while refusing to address alleged early cover-ups and the fact that China allegedly silenced several doctors who were attempting to speak out about the viral outbreak in Wuhan.
There is also the fact that Taiwanese officials claimed they alerted WHO back in December about the risk of human-to-human transmission of the pathogen.
Leaders in Taipei said that the information was not passed on to other countries and basically went unheeded.
Taiwan Says It Warned WHO About Coronavirus In December, But Its Warnings Were Ignored. https://t.co/fgb309QosV
— Daily Caller (@DailyCaller) March 21, 2020
Currently, Taiwan is forbidden to be a member of the WHO because of the so-called “One China” policy pushed by the People’s Republic of China.
“Overall, the WHO is a useful organization and its scientific experts are absolutely world-class,” Grayson said.
“Unfortunately, like all too many organizations, politics sometimes get in the way of decisive action.”
Schaefer noted that the WHO may be facing some scrutiny after the pandemic starts to fade.
“If the organization performs well, member governments are more confident in having it assume an increased role. If they fail, the member states look to reform them or create alternative mechanisms,” he said.
“During the Ebola crisis in 2014, WHO was strongly criticized for its slow and ineffective response, and the member states pressed the leadership for reforms to address those failings.
“It is clear from the response to COVID-19 that more changes are necessary.”
Part of the issue as seen by some experts is the fact that as part of the UN, the WHO is also suffering the same problem.
Dr. Roger Bate is a visiting scholar at the American Enterprise Institute and a specialist in public health and infectious diseases.
He noted that bloated bureaucracies, such as those at the UN, need to be looked at going forward in order to stop a similar pandemic much earlier.
“WHO is part of the UN. UN is overly bureaucratic, but we need it because it is the global organization where member states can come to discuss issues like this,” he explained.
“WHO has become less relevant in the past few decades, COVID-19 reminds us why it is important and why, when it fails, we all pay the price.”
Bate also said that the WHO has to be more aggressive in demanding local action from wherever a pandemic begins.
“I believe following COVID-19, U.S. and E.U. will back it because of the huge cost we are now paying. Basically, WHO should get the funds it requires and can embarrass nations like China that do not act properly,” he said.
“And this will happen again unless China shuts its wet markets with live animals. Contagions from zoonotic viruses are the problem, and China is ground zero for these.”
Hertelendy agreed with Bate that the so-called “playbook” needs to be changed.
“Following a politically correct agenda doesn’t work in the 21st century,” he added. “Simply, they need to focus on restoring credibility, admit mistakes and be transparent and ready to make decisions quickly and confidently.”