While China is a serious threat and the last administration pushed on that hard, that administration ignored Russia.
Today the National Security Agency, the FBI and the Cybersecurity and Infrastructure Security Agencies issued a joint alert titled Russian SVR Targets U.S. and Allied Networks.
The NSA, FBI and CISA said that the Russian Foreign Intelligence Service or SVR is behind the exploitation of 5 publicly known vulnerabilities.
The Feds also announced that Russia and the SVR were the ones behind the SolarWinds attack and all the other attacks surrounding SolarWinds.
In addition to the SolarWinds attack, they are crediting/blaming Russia for:
- Fortinet Fortigate VPN
- Synacor Zimbra Collaboration Suite
- Pulse VPN
- Citrix Application Delivery Gateway
- VMWare Workspace ONE Access
The advisory is available here.
The FBI and their cousins also provided some very specific actions to take, here.
Here is the problem. These actors are pros. These are not random attacks.
In the SolarWinds attack they went after heavily defended federal agencies as well as a lot of big companies.
The Feds are saying that you should assume a breach will happen. Note that they did not say assume a breach might happen.
They said to implement network segmentation.
Enable robust logging
Prepare for incident response.
It seems like they are saying that we are fighting a war.
The feds will do their part to try and identify them and slow them down, but this is more of an art than a science.
One bit of good news is that the NSA is sufficiently embarrassed for missing SolarWinds that they are on high alert. That should help. HELP, but not prevent.
Historically, the NSA spent 90% of their budget on offense and 10% on defense. While we don’t know what those numbers are today, the pendulum has definitely moved.
And this is good for every business in America.
Be prepared. Credit: NSA