Washington (AFP)
A senior US official said on Friday that the Biden administration would be preparing to decide on a response to the recent cyberattacks, as concern grows over the consequences of the latest one.
The senior official, who declined to be identified, said the White House was working closely with the private sector to quickly build better cyber defenses following the attack targeting Microsoft's Exchange mail service servers.
The attack came months after the attack on SolarWinds security software, which potentially compromised thousands of government and private sector computer networks.
US officials had previously hinted that action against Russia could be taken, as Moscow has been linked to the attack on SolarWinds.
The latest statements from the senior official suggest that a response is imminent.
"You can expect further announcements on this subject in a few weeks, not a few months," the senior US official said in a meeting with the press on the two cyberattacks.
Federal agencies have made progress in fixing systems in the nine agencies affected by the attack on SolarWinds, he added.
But an emergency operation is underway to remedy the attack on Microsoft Exchange, which opened up security holes, actively exploited by cybercriminals, and others.
To find solutions, "for the first time we have invited private sector companies to participate" in major national security meetings about the attacks, also stressed the senior official, who says the response "is still underway. to evolve ".
According to him, "we really have a short window of time to fix vulnerable servers", "it's a matter of hours, not days".
- "Destructive" attacks -
For Microsoft, a new type of ransomware exploits the security flaw resulting from the attack on the American computer giant's Exchange servers.
And according to cybersecurity experts, the massive attack could do significant damage.
"We have detected and are blocking a new family of ransomware used after an initial attack on local Exchange servers not updated," Microsoft's security department said on Twitter Thursday evening.
This software, dubbed "DearCry", was detected after the attack attributed to "Hafnium", a group of Chinese hackers supported by Beijing according to experts.
It is believed to have affected at least 30,000 organizations, including businesses, cities, and local communities in the United States.
Other specialists, including ID Ransomware founder Michael Gillespie, on Thursday detected the software that encrypts computer systems and demands a ransom to unlock them.
"It will be easy to make updates to prevent future intrusions, but not to correct the systems that have been attacked," said Brent Callow, of computer security firm Emsisoft.
"It is absolutely essential that governments quickly develop a strategy to help businesses secure their Exchange servers and fix vulnerabilities before the already dire situation gets worse," he added.
This week, the FBI and the Department of Homeland Security (DHS) had already warned of the vulnerability of Exchange.
It could be exploited to "compromise networks, steal information, encrypt data for ransom demand, or even carry out destructive attacks," according to a joint statement.
DHS's cybersecurity department has called for the creation of a single patch for government and the private sector, as experts want strong measures from the Biden administration, such as "hack back", a cyber-response that consists of to hack in return.
© 2021 AFP