CISA: SolarWinds Hackers Got Into Networks by Guessing Passwords
January 7, 2021
The agency also highlighted new indicators of compromise and recommendations for mitigating follow-on activity involving Microsoft Cloud users.
Perpetrators of a widespread, intelligence-gathering campaign used common hacker techniques to get through passwords in addition to more sophisticated methods, according to an update to the Cybersecurity and Infrastructure Security Agency’s alert.
“CISA incident response investigations have identified that initial access in some cases was obtained by password guessing, password spraying, and inappropriately secured administrative credentials accessible via external remote access services,” reads the activity alert updated Wednesday.
By Justin Katz
The Cybersecurity and Infrastructure Security Agency says it has evidence that hackers are breaching the federal government's networks by other paths than the recently discovered vulnerabilities in SolarWinds Orion. “Specifically, we are investigating incidents in which activity indicating abuse of Security Assertion Markup Language (SAML) tokens consistent with this adversary's behavior is present, yet where impacted SolarWinds instances have not been identified,” according to updated guidance published Wednesday. CISA is continuing to work to confirm initial access vectors and identify any changes to the tactics, techniques, and procedures (TTPs).
Characteristics such as SAML tokens having 24-hour validity periods or not containing multi-factor authentication details where expected are red flags.
Microsoft admitted Thursday that the suspected Russian government hackers’ presence in its environment went beyond the software giant simply downloading malicious SolarWinds Orion code.
The far-reaching SolarWinds hack has hit not only federal agencies such as the Department of the Treasury, but computer systems for local U.S. governments as well.
U.S. Cyber Agency: SolarWinds Attack Hitting Local Governments
at 11:00 pm NPR
A U.S. cybersecurity agency said Wednesday that the far-reaching attack into the IT management company SolarWinds discovered earlier this month has infected more systems than previously thought.
Updated at 3:30 a.m. ET
The U.S. Cybersecurity and Infrastructure Security Agency, also known as CISA, said Wednesday that the hack not only affected key federal agencies, but also computer systems used by state and local governments, critical infrastructure entities and other private sector organizations.