
US Senate's Select Committee Raises Some Serious Concerns Regarding SolarWinds Attack

Threat actors attacked nearly 100 companies and multiple government agencies.

 

The US Senate’s select committee has blamed Russia for the massive intelligence operation that infiltrated SolarWinds, a Texas-based software company, to steal data from various governments and nearly 100 companies. Threat actors exploited the vulnerabilities in SolarWinds and Microsoft programs to penetrate the companies and government agencies. 

Some key issues were raised during a hearing of US Senate’s select committee:

• Threat actors conducting a “dry run”; 
• The true motive behind an attack; 
• Threat actors exploiting Amazon Web Services vulnerabilities; 
• Improvement in cyberthreat and intelligence information sharing.

Kevin Mandia, CEO of FireEye, revealed the methodology threat actors used to conduct a “dry run” in October 2019. He stated during his testimony that “they put an innocuous build in to make sure that it made it to the [production] environment.” He added that his company’s engineers have worked day in, day out, spending more than 10,000 hours analyzing the source of the data breach and how it led the threat actors to the SolarWinds server.

Many witnesses blamed the Russian-based hacking group for the data breach. Microsoft’s President Brad Smith testified: “We’ve seen substantial evidence that points to the Russian foreign intelligence agency and we have found no evidence that leads us anywhere else.”

Senator Marco Rubio, the vice chairperson of the intelligence committee, said there is conclusive evidence to suggest that the attack was more than a cyberespionage campaign. Hence, to draw any conclusions at this point is not justified. “While I share the concern that an operation of this scale with a disruptive intent could have caused mass chaos, those are not the facts that are in front of us. Everything we have seen thus far indicates this was an intelligence operation – a rather successful one – that was ultimately disrupted.”

Senators slammed Amazon Web Services for declining to testify given the company’s infrastructure was used in the attack. Sen. Rubio stated that “we had extended an invitation to Amazon to participate. The operation we’ll be discussing today uses their infrastructure, [and], at least in part, required it to be successful. Apparently, they were too busy to discuss that here with us today, and I hope they’ll reconsider that in future.”

Sen. Richard Burr said Amazon Web Services hosted most of the secondary command and control nodes in the SolarWinds attack, which raised questions about how much Amazon and its executives have revealed about what they know.

During the hearing, witnesses agreed with many of the committee members on the need to strengthen cyberthreat and intelligence information sharing. Kevin Mandia, CEO of FireEye, said that the 2015 Cybersecurity Information Sharing Act should be updated to make it easier to share intelligence, provide protection against data breaches and gather initial intelligence. Anne Neuberger, Deputy National Security Adviser, said earlier this month that nine federal agencies and 100 private organizations were compromised as part of the attack.