At a glance.
- US responses to the SVR's backdooring of SolarWinds.
- More anti-trust suits hit Google.
US response to the SolarWinds supply chain compromise.
CyberScoop reports that the US National Security Council (NSC) has convened the Cyber Unified Coordination Group (UCG), an emergency response team instituted in 2016 by Presidential Policy Directive 41, to manage the SolarWinds fallout. The UCG, which has been quietly activated several times over the past few years, is guided by the Departments of Justice and Homeland Security in addition to the FBI, National Cyber Investigative Joint Task Force, and Office of the Director of National Intelligence. The team will handle congressional inquiries and lead strategy and intelligence sharing meetings with international allies, private sector leaders, and government agencies.
US National Security Advisor Robert O’Brien returned early from an overseas visit and has been holding additional meetings, as has the Cyber Response Group (CRG), an NSC team consisting of Secret Service, CIA, NSA, Treasury, Defense, State, Energy, Commerce, Justice, and Homeland Security representatives. Former NSC Director for Cyber Incident Response Anthony Ferrante commented, “We were given so much confidence going into the presidential election that the U.S. government had insight into what nation-states might do, but does this attack suggest that we didn’t actually know everything?”
Cyberspace Solarium Commission leader Mark Montgomery said, “The federal government is not currently organized to successfully defend itself, or the nation’s critical infrastructure, from threats in cyberspace.” He recommends creating a National Cyber Director and enhancing public-private information sharing as well as expanding CISA’s capabilities with .gov threat hunt permission and extra Hunt and Incident Response Teams.
Eran Farajun, EVP at Asigra, commented in an email on the dangers inherent in the very useful remote monitoring management (RMM) software. "RMM was and remains a soft underbelly for attacks and backup software is integrated into the SolarWinds RMM platform Orion," he wrote. "In the same ways that RMM was compromised and used as a proxy to traverse into the source network and machines and exfiltrate data (in this case for espionage purposes by Vlad’s Lads, according to some sources) a threat actor can do it for profit with ransomware. The same happens with backup. Once you are in through the RMM, it is a hop skip and a jump over into the integrated backup app. The best defensive strategy is to keep these important apps SEPARATE, and protect them as one protects other vital production systems." "Vlad's Lads" would be the SVR crew also known as Cozy Bear.
It won't be an easy fix. While the "killswitch" that KrebsOnSecurity reported FireEye, Microsoft, and GoDaddy developed is surely welcome, it's not a comprehensive remediation. It will disable whatever Sunburst backdoors are still beaconing to avsvmcloud[.]com, but it does nothing about access the actor established by other means. As FireEye said in a widely quoted statement, "this actor moved quickly to establish additional persistent mechanisms to access...victim networks beyond the SUNBURST backdoor."
Google hammered with antitrust suits.
Yesterday ten US states filed suit against Google for coordinating with Facebook on online advertising, according to Reuters. Texas, Indiana, and eight other states with Republican prosecutors are seeking compensation and “structural relief.” Google described the action as “meritless.” Separately, Genius Media Group joined a coalition of digital media companies to file a putative class action suit alleging lost income due to Google’s monopolist practices. A bloc of state attorneys general is forecast to file yet another antitrust suit today.
Google and Facebook combined cover half the world’s online advertisement market, with Google recording nearly $40 billion in ad revenue last quarter. The search giant stands accused of manipulating ad auctions in its favor, fleecing competing entities, and colluding with Facebook to cripple rivals, along with other trickery. Texas’ Attorney General remarked that Google has “positioned itself as the pitcher, the batter and the umpire.” This week’s suits follow the Justice Department’s October antitrust filing.