SolarWinds hackers could have been waylaid by simple countermeasure - U.S. officials

FILE PHOTO: A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel

WASHINGTON (Reuters) - Following a decade-old security recommendation could have helped stymie the Russian hackers who ran amok across federal government networks last year, the Department of Homeland Security's digital defense arm said in a letter sent earlier this month.

As the United States prepares to pour billions of dollars into shoring up its cybersecurity following a series of dramatic intrusions by foreign hackers, the acknowledgement from the Cybersecurity and Infrastructure Security Agency (CISA) highlights how basic digital security measures can help defeat or at least mitigate the impact of even the most severe breaches.

The June 3 letter, sent by CISA to Senator Ron Wyden, concerned the sprawling espionage campaign that hijacked software from Texas-based SolarWinds Corp to compromise nine government departments, a months-long effort that led to the theft of thousands of U.S. officials' emails and is already racking up hundreds of millions of dollars in cleanup costs.

The hackers - alleged to be Russian operatives - pulled off the intelligence coup by subverting SolarWinds' widely deployed network monitoring program and using it to plant malicious software on thousands of clients' servers, eventually singling out a smaller number for in-depth exploitation.

CISA said that had those victims configured their firewalls so that they blocked all outbound connections from the servers running SolarWinds, it "would have neutralized the malware."

The agency said that several targets who did set up their firewalls that way "successfully blocked connection attempts" and had no "follow-on exploitation."

Wyden's office cited SolarWinds as saying that servers running its software had no need to send outbound traffic. Guidance from the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) has warned for more than a decade that servers that don't need to connect to the internet should be prevented from doing so - a principle that's akin to the idea that doors that don't need to be opened should be bolted shut.
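As an added illustration, not part of the Reuters article, the Python below models the default-deny egress policy CISA describes (a monitoring server may talk only to internal hosts) and audits constructed firewall log lines against it, separating misconfigurations from blocked attempts worth investigating. The server address, internal range and log format are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed example values (assumptions, not from the article): the
# monitoring server that has no legitimate need to reach the internet,
# and the internal range it is still allowed to talk to.
MONITORING_SERVERS = {"10.0.5.20"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed firewall log lines in an assumed "ACTION src dst dport" format.
SAMPLE_LOG = """\
ALLOW 10.0.5.20 10.0.5.21 161
DENY 10.0.5.20 203.0.113.10 443
DENY 10.0.5.20 203.0.113.10 443
ALLOW 10.0.7.3 198.51.100.7 443
DENY 10.0.5.20 198.51.100.40 80
ALLOW 10.0.5.20 192.0.2.50 443
"""

LINE_RE = re.compile(r"^(ALLOW|DENY)\s+(\S+)\s+(\S+)\s+(\d+)$")

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def egress_policy(src, dst):
    """Default-deny egress for monitoring servers: only internal destinations pass."""
    if src in MONITORING_SERVERS and not is_internal(dst):
        return "DENY"
    return "ALLOW"

def audit_egress(log_text):
    """Return (violations, blocked).

    violations: lines the firewall ALLOWed although the policy says DENY
                (the control is misconfigured, the malware could call out).
    blocked:    denied outbound attempts from a monitoring server, counted per
                (destination, port); the control worked, but the attempt itself
                is a follow-on signal to investigate.
    """
    violations, blocked = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        action, src, dst, port = m.groups()
        if action == "ALLOW" and egress_policy(src, dst) == "DENY":
            violations.append(line)
        elif action == "DENY" and src in MONITORING_SERVERS:
            blocked[(dst, int(port))] += 1
    return violations, blocked
```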

The servers running SolarWinds inside government networks "should have had even more constraints around them," said Jason Garbis, who serves as the chief product officer for digital security company Appgate.

There's no suggestion that sealing the servers running SolarWinds off from the internet would have completely foiled last year's hacking campaign; the spies used a variety of sophisticated tactics to carry out their espionage work.

But Garbis said following security best practices would have made government networks "much more resilient to these types of attacks."

(Reporting by Raphael Satter; editing by Jonathan Oatis)
