If you haven’t yet heard about the massive government cybersecurity issue just discovered affecting US government agencies and businesses, check out Part 1 of this in-depth investigation into the breach.
Already up to date on the facts behind what happened and how? Read on to learn who did this, what was taken, what happens now, and what your company can do to improve your cybersecurity response in this new landscape.
Ask any expert, they’re gonna tell you it was the Russians.
Why? Because the Russian espionage agency, the SVR (the successor to the KGB), is one of the most elite hacking teams on the planet. They have a lot of resources, they have a lot of skill, and they have a lot of time.
This was one of the biggest cybersecurity breaches/cyberattacks ever engineered and, since no one else in the world can really hold a candle to the Russians’ capabilities in the world of cyber, it pretty much had to be the Russians.
Maybe not though. Maybe it was someone else. When the US asked about the government cybersecurity issue, Russia denied it was them (for whatever that’s worth).
In this article, we’re going to stick with the assumption that it was the Russians because that’s the most likely.
As for what was taken, this one is kind of scary: honestly, we have no idea.
For 6-9 months, the Russians have had access to our government’s systems as well as private companies’ systems, and they may have done anything in there with that amount of time.
They could have created authentication tokens that mimic anyone with access, including users with highly privileged access. They could have used that privileged access to set up authentication for themselves, so they wouldn’t have to masquerade as anyone else. They could have set up APIs that fetch data as soon as it is posted; they could have stolen all the data we’ve got.
They could have set up “persistent access,” which means they can take anything because we can’t really ever find them or oust them from our systems.
They also could have corrupted or changed some of our data, and they could be falsifying communications. At this point, it doesn’t seem like they’ve done that… but who knows? As we said, we really don’t know what they did, just that they’ve had a lot of time to do it.
By the way, it’s not like they’re locked out now that we’ve found the cybersecurity breach. The Russians are still in there. Finding the breach is like locking the barn doors after all the animals have run away.
It will take months or years to figure out which networks are controlled by the Russians (they’re all likely to be occupied by the Russians at this point). In the meantime, we may have to just slash and burn all the systems we’ve got in order to eradicate their presence.
And yes, that’s exactly as bad as it sounds: to properly secure ourselves, it looks like America will have to rebuild systems from the ground up, isolate them from our current systems, and in the meantime, maintain a properly functioning, highly responsive government.
President Biden has stated, unequivocally, that he will not stand for this behavior from the Russians or anyone else and that a Biden presidency will create real punishments for cybercrimes. Ron Klain, Biden’s incoming Chief of Staff, suggested that we start counterattacking.
But we can’t forget that the Russians have access to our communications systems.
As Biden is hammering out the details on how to track down the perpetrators, how to punish them, and how to set up real consequences for the future, Russia will have an insider’s view of all those communiqués. They may even be able to falsify key communications.
Long story short: This is going to be a long, hard road, people. We’ll continue to learn more over the next months and years but, in the meantime, you will need to be extra diligent about improving cybersecurity in your systems.
In response to this news, the network operator at your company will want to carefully inspect all internal traffic to detect and neutralize anomalies and obvious remote commands.
Though still critical, you can no longer look at authentication as the end-all, be-all security measure. Instead, you must try to track behaviors within your networks, so you can freeze suspicious activity before it becomes a problem.
To help with this, the Seattle IT experts at Interplay suggest turning to Managed Detection and Response software, but we’re happy to discuss other options that may be a better fit for your organization’s budget and needs.
For 20 years, the friendly and knowledgeable IT team at Interplay has helped business leaders across a range of industries get more out of their tech, stress-free. Not only are we always (and we mean always) happy to offer the best managed IT services, support, and advice, we’re also the team you can trust for the best cocktail recommendations here in Seattle or in Disney World – we’re versatile! All humor aside though, we’d love to help you get your IT running smoothly and securely, around the clock.