Cyber Adversaries Escalate SolarWinds Attack

Via the SolarWinds breach, cyber attackers may have gained access to email accounts belonging to US Department of Justice employees. “At this point, the number of potentially accessed O365 mailboxes appears limited to around 3 percent and we have no indication that any classified systems were impacted,” stated DOJ spokesperson Marc Raimondi.

The US Department of Justice retains roughly 115,000 employees, including those employed with the FBI and federal prisons.

At present, the number of compromised DOJ employee email accounts hovers around 3,450.

The US Department of Justice issue was first documented on Christmas Eve. Since then, IT administrators have blocked attackers’ access points.

As the issue receives further attention, the DOJ will provide critical information to lawmakers and relevant governing bodies, as required by law.

What are the national security consequences for the US Department of Justice?

Whether the cyber attacks affecting the US Department of Justice and other US federal agencies will have an impact on America’s national security is not yet known.

Because the full extent of the damages remains unknown, the implications surrounding data misuse are also unspecified.

How has the national security division of the US Department of Justice responded?

There’s a certain “symmetry” between the recent spate of attacks and the 2016 election-related cyber meddling. “…There’s a lot of confidential and sensitive information that is transmitted and stored on unclassified systems, a lot of information that would be of interest to a foreign state…trying to learn about our intentions…” says John Demers, assistant attorney general for national security.

Which other federal organizations experienced SolarWinds fallout?

Nearly a dozen US government agencies publicly admitted becoming victims of the SolarWinds supply chain attack.

“The number of [federal victims] is likely to grow with further investigation,” stated Brandon Wales, the acting director of the US Cybersecurity and Infrastructure Security Agency (CISA).

Within the US government, identifying the precise networks that were breached is a challenge, because federal networks may still contain legacy software code that is no longer in active use.

Consequently, current IT staff may be unfamiliar with that code and with how to comb through it.

What will the cost of the SolarWinds attack damage add up to?

Estimates of the total cost of the breach vary; one estimate runs upwards of $100 billion. This figure is based on the cost of cleaning up a single cyber breach multiplied by 18,000, the number of public and private entities hit by the SolarWinds attack.

How can the US prevent a SolarWinds-style event in the future?

The first step is focusing on what could be done differently. This list of suggestions merits serious consideration:

  • Acting director of CISA, Brandon Wales, states that more authorities and more resources are needed to shore up US cyber security. The incoming presidential administration agrees and promises to make cyber security a top priority.
  • Agencies may need to reimagine the fundamental structure of data safeguards on federal machines, on-prem networks, clouds and servers. Otherwise, federal cyber security professionals will never get any sleep.
  • Lawmakers may wish to rethink legislation around federal cyber security requirements. In doing so, they’ll need to ensure that they’re asking the right set of questions and that the laws correspond to current technological and cyber security trends.
  • Increased levels of threat intelligence sharing can help prevent supply chain attacks. Some AI technologies are capable of monitoring third-party supply chain ecosystems in real-time.
  • The cyber adversary who facilitated the SolarWinds attack is closely observing the US cyber defense response. Encrypting federal communications is key to preventing cyber adversaries from spying on the US playbook.