A Better Kind of Cybersecurity Strategy

fliptop writes:

Bruce Schneier has done an analysis of Russia's (alleged) recent attack on U.S. government agencies:

Here's what we know: Orion is a network management product from a company named SolarWinds, with over 300,000 customers worldwide. Sometime before March, hackers working for the Russian SVR - previously known as the KGB - hacked into SolarWinds and slipped a backdoor into an Orion software update. (We don't know how, but last year the company's update server was protected by the password solarwinds123" - something that speaks to a lack of security culture.) Users who downloaded and installed that corrupted update between March and June unwittingly gave SVR hackers access to their networks.

This is called a supply-chain attack, because it targets a supplier to an organization rather than an organization itself - and can affect all of a supplier's customers. It's an increasingly common way to attack networks. Other examples of this sort of attack include fake apps in the Google Play store, and hacked replacement screens for your smartphone.

Schneier later adds:

While this is a security failure of enormous proportions, it is not, as Senator Richard Durban said, virtually a declaration of war by Russia on the United States." While President-elect Biden said he will make this a top priority, it's unlikely that he will do much to retaliate.

MIT news had a recent piece on a new model that demonstrates why countries that retaliate too much against online attacks make things worse for themselves:

Read more of this story at SoylentNews.