Security News

The FBI has been tasked with collecting intelligence that can help attribute the attack to a threat actor and disrupt their activities. The agency is also working with victims to obtain information that can be useful to the government and network defenders.

The US Cybersecurity and Infrastructure Security Agency said that the APT group behind the recent compromise campaign targeting US government agencies used more than one initial access vector. "CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated. CISA will update this Alert as new information becomes available," the agency said.

The US Cybersecurity and Infrastructure Security Agency said that the APT group behind the recent compromise campaign targeting US government agencies used more than one initial access vector. "CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated. CISA will update this Alert as new information becomes available," the agency said.

The compromise of multiple US federal networks following the SolarWinds breach was officially confirmed for the first time in a joint statement released earlier today by the FBI, DHS-CISA, and the Office of the Director of National Intelligence. The National Security Council has established a Cyber Unified Coordination Group following the SolarWinds breach to help the intelligence agencies better coordinate the US government's response efforts surrounding this ongoing espionage campaign.

Threat actors are targeting K-12 educational institutions in the United States to deploy ransomware, steal data, or disrupt distance learning services. In a joint alert this week, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center warned of continuous attacks targeting K-12 educational institutions.

U.S. DHS Cybersecurity and Infrastructure Security Agency has warned admins to upgrade their vulnerable OpenSSL instances immediately. OpenSSL advisory states, one place where the GENERAL NAME cmp function is used is when OpenSSL validates a certificate's CRL distribution point field.

"Unfortunately, despite some of the conveniences and efficiencies that remote work can provide, it has greatly expanded the attack surface for all businesses, including think-tanks," Banda said. In late October, CISA warned that the North Korean APT group known as Kimsuky is actively attacking think-tanks, commercial-sector businesses and others, often by posing as South Korean reporters.

Threat actors are continuously targeting United States think tanks, the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation warn. The adversaries, CISA and the FBI say in an advisory this week, attempt initial access through spear-phishing and third-party messaging services, targeting both corporate and personal accounts of intended victims.

"While the presence or absence of one individual or entity only has a limited effect on the overall risk posture of our nation, to be sure, without the kind of transformative leadership that Chris Krebs showed as the leader of a new agency in CISA and his effort to promote collective defense capabilities across the public and private sectors, we could go back to the historical siloed approach of defense limiting the progress we've made in recent years. Our adversaries are going to be punching from all angles and coming at us in an organized manner, so we also need to defend in the same way." "While unlikely that the firing of the CISA Director will inspire cyber attacks from abroad on critical infrastructure in the US because systems appear more vulnerable today than yesterday, industry partners, observers, and US citizens certainly will be skeptical of any statements made by CISA about the election or anything else between now and January 2021.".

Government officials and cybersecurity experts alike condemned President Trump's firing of Christopher Krebs by tweet Tuesday, as the director of the Cybersecurity and Infrastructure Security Agency became the latest victim of the president's housecleaning efforts after his failed bid at a second term. Krebs was appointed by Trump in 2018 as the first director of the Department of Homeland Security's CISA. However, he challenged the president by trying to debunk false claims Trump has made suggesting that the recent 2020 presidential election was rigged against him-the reason why Krebs was sacked, observers said.