[ad_1]
As attacks exploiting the vulnerabilities have intensified, the update window for exposed servers is incredibly short – “measured in hours, not days,” a senior administration official told reporters.
President Joe Biden was briefed on the Exchange hacks earlier this week, the official said.
“He was very engaged on this topic, he asked a lot of questions on this topic and clarified that he had ordered that we tackle cybersecurity vulnerabilities and that we take this matter seriously,” the official told reporters. .
For the first time, the US government has invited members of the private sector to participate in the multi-agency task force set up in response to the server software flaws, the official said. Private entities will have access to sensitive information compartmentalized across the country in order to participate in classified discussions if necessary, the official added.
U.S. intelligence agencies are not looking for any additional legal authority to monitor domestic cybersecurity incidents, the official added, as the Biden administration believes the public-private partnership is the ideal model for detecting and mitigating cybersecurity threats.
The White House is not yet ready to assign responsibility for the Microsoft Exchange attacks, National Security Advisor Jake Sullivan said on Friday.
“I am not in a position to stand here today to provide an attribution,” he said during a White House press briefing. “But I promise you that we will be able to attribute this attack at some point in the near future, and we will not hide the bullet on it. We will introduce ourselves and say who we believe committed the attack. . “
Attacks on the rise
Attacks related to Exchange software vulnerabilities are on the rise. On Thursday, Microsoft and security researchers warned that the vulnerabilities are now associated with another powerful cybersecurity threat: ransomware, which locks down a computer or files on a network and holds them hostage until the victim pays a fee.
Security experts at Palo Alto Networks estimated Thursday that at least 20,000 US-based Exchange servers remain unpatched and vulnerable to exploitation, and up to 80,000 worldwide.
Other security researchers say the pace of attacks on Exchange servers is increasing as opportunistic hackers seek to take advantage of the openness discovered by Hafnium, the Microsoft group said it was responsible for the initial breaches and is “assessed as state sponsored and operating. of China. “
The number of attempted attacks on organizations has doubled every two to three hours, according to Check Point Research, which monitors the Internet for malicious activity.
Adding ransomware to the volatile mix only increases the danger to vulnerable organizations, said John Hultquist, vice president of analytics at Mandiant Threat Intelligence.
“Although many as yet unpatched organizations have been exploited by cyber espionage actors, criminal ransomware operations may pose a greater risk as they disrupt organizations and even extort victims by distributing stolen emails,” said Hultquist. “Ransomware operators can monetize their access by encrypting emails or threatening to disclose them, a tactic they have recently adopted.
The administration plans to respond
On Friday’s conference call with reporters, the senior administration official outlined several steps the Biden administration plans to take in response to the SolarWinds and Microsoft Exchange security incidents, but warned that a direct response to SolarWinds hackers were still weeks away.
The nine federal agencies that were compromised by the SolarWinds intrusion were under a four-week review, with some still examining their systems to ensure foreign adversaries were completely kicked out, the official said. Those who have not completed their exams are expected to be completed by the end of the month.
The official provided some details on the response to suspected Russian hackers behind the SolarWinds intrusions.
“You can expect more announcements on this in weeks, not months,” the official said.
The administration’s internal review revealed “significant gaps in cybersecurity modernization and technology across the federal government,” the official said. “We will deploy the technology to address the gaps we have identified starting with the nine compromised agencies” and then more broadly across the federal government.
Throughout the process, the White House held regular meetings with the deputy heads of the compromised agencies.
In a few weeks, the official said, the White House will roll out executive action that will include ideas to strengthen the country’s cybersecurity, including proposals to assign letter-level cybersecurity ratings to vendors of software used by the federal government. . The idea was inspired by Mayor Michael Bloomberg’s remediation notes for restaurants. Another concept is inspired by Singapore’s cybersecurity standards for consumer devices connected to the Internet. The goal, the official said, is to create a cybersecurity “market” where companies compete for high security ratings.
CNN’s Betsy Klein contributed to this report.
[ad_2]
Source link