New York (AFP)
Washington takes cyber attacks that have targeted federal services in the United States as well as businesses and that could have been coordinated by a foreign government very seriously, especially as these hacks are likely to increase.
The American agency in charge of cybersecurity and infrastructure security (Cisa), attached to the Ministry of Homeland Security, issued an emergency instruction on Sunday evening after the revelation of these hacks.
"Tonight's directive aims to reduce potential risks within federal administration networks. We urge all of our partners - in the public and private spheres - to assess their exposure to this risk and to secure their networks against all exploitation, ”implored Brandon Wales, Cisa's boss.
- What happened -
According to the computer security group FireEye, itself the victim of cyber attacks last week, governments and companies in the consulting, tech and energy sectors have been targeted in North America, Europe, Asia and in the Middle-East.
In the United States, the departments of the Treasury and Commerce as well as several federal agencies have been affected, according to press reports.
Hackers have infiltrated the computer systems of these different entities, taking advantage of an update of computer monitoring software developed by the company SolarWinds and used by tens of thousands of companies and administrations around the world.
"This campaign possibly started as early as the spring of 2020 and is continuing today," FireEye said in a blog post, which specifies that cybercriminals attempted to infiltrate all of their targets' networks and steal Datas.
The content that the pirates sought to steal and the possible success of their attempts are not yet known.
- Russia suspected -
The methods used, however, bear the mark of a state actor, believes Microsoft, which is also investigating these attacks.
"We believe this is a large-scale nation-state operation targeting both government and the private sector," the computer giant said in a blog post.
If Microsoft is careful not to name a country, several American media have pointed the finger at the Russian group "APT29", also known under the name of "Cozy Bear".
According to the Washington Post, this group is part of Moscow's intelligence services and has already hacked into the US administration during Barack Obama's presidency.
In a statement posted on Facebook, the Russian Embassy in the United States categorically denied these accusations, assuring that "Russia is not conducting offensive operations in cyberspace".
For Hank Schless, of the Californian cybersecurity company Lookout, the public sphere as the private sphere must increasingly be wary of hacks orchestrated from abroad.
"Hostile nation-states recognize the value of targeting both sectors, which means that neither is immune from such attacks, backed by government resources," the expert explains.
- Recommendations -
Faced with this growing threat, Cisa ordered all US federal agencies to immediately disconnect from the SolarWinds platform.
FireEye and Microsoft also listed a series of recommendations, including renewing passwords, using antivirus software, and reviewing devices using the pirated software.
According to Matt Walmsley of Vectra, a California provider of cyberattack detection services, hacks like the one revealed on Sunday are set to increase, presenting new challenges for businesses and governments alike.
"Security teams must radically reduce the risk of intrusion by immediately identifying and understanding who is accessing their data or modifying their configurations, regardless of how these actors operate and where they are located," advises Mr. Walmsley .
© 2020 AFP