Articles

US government calls for better information sharing in wake…

The Biden administration seeks ways to better gather and share security intelligence from the private sector, but experts see barriers to success.

As the federal government grapples with Russia and China’s widespread and damaging hacks, the Biden administration is seeking new methods for better early threat detection of these sophisticated intrusions. Both the SolarWinds espionage hack attributed to Russian operatives and the exploits of the Microsoft Exchange server vulnerabilities attributed to China were uncovered by private firms, cybersecurity giant FireEye and Microsoft.

Both attacks originated on servers within the US, placing them out of reach of the National Security Agency’s (NSA’s) powerful detection capabilities, which US law restricts to international activities. The new cybersecurity leadership in the Biden White House is brainstorming methods to establish new early warning systems that combine traditional intelligence agency methods with private sector expertise. The White House announced on March 17 the formation of a task force it calls the Unified Coordination Group consisting of federal and private sector representatives charged with finding a “whole of government” response to the Microsoft Exchange attack.

Reportedly chief among the new approaches is establishing more profound information-sharing methods with the private sector. The concept is to set up a real-time threat sharing mechanism where data could be sent to a central repository and paired with intelligence gathered by the NSA and other intel agencies to provide organizations with more immediate threat warnings.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Clint Patterson on Unsplash

 

Articles

Why the Microsoft Exchange Server attack isn’t going away…

For some victims, patching and proper forensics will be difficult, plus new threat actors are now exploiting the same Exchange Server vulnerabilities.

On March 2, Microsoft revealed a critical cybersecurity offensive launched by a foreign adversary against organizations in the United States. The company attributed the attacks to a Chinese advanced persistent threat group it calls Hafnium. Microsoft quickly announced patches for the four previously unknown vulnerabilities in Exchange Server that the malicious actors had exploited.

Reports circulated last week that the hackers compromised at least 30,000, and likely hundreds of thousands, of unpatched Exchange servers. As a consequence, incident responders are working around the clock responding to this latest threat, which they consider an actual attack on public and government IT infrastructure, unlike the still-ongoing, primarily espionage-oriented SolarWinds hack.

The Biden Administration, already grappling with the fallout from the massive SolarWinds hack, which became public in December and has been widely, although not officially, attributed to Russian hackers, said it would take” a whole of government response to assess and address the impact.” Anne Neuberger, the deputy national security adviser for cybersecurity, leads that effort.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Clint Patterson on Unsplash