
Joint advisory warns of Russian operations targeting cloud, email

The Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency and the FBI on Monday issued a new advisory describing ways to counter tactics and techniques used by Russia’s SVR foreign intelligence service, the attackers behind the intrusion involving SolarWinds.  

The advisory describes how the agencies observed the SVR shift its tactics away from malware and toward targeting cloud and email servers to gather information, a shift seen in its exploitation of SolarWinds software and of flaws in Microsoft Office 365.

“Targeting cloud resources probably reduces the likelihood of detection by using compromised accounts or system misconfigurations to blend in with normal or unmonitored traffic in an environment not well defended, monitored, or understood by victim organizations,” according to the advisory. 

Few SolarWinds victim organizations were able to identify the initial access vector, but some were able to correlate different alerts to identify unauthorized activity, the advisory states: “The FBI and DHS believe those indicators, coupled with stronger network segmentation (particularly ‘zero trust’ architectures or limited trust between identity providers) and log correlation, can enable network defenders to identify suspicious activity requiring additional investigation.”

The advisory also describes the SVR’s leveraging of zero-day vulnerabilities, its use of password-spraying attacks and the “WELLMESS” malware that targeted COVID-19 vaccine development.

“These intrusions, which mostly relied on targeting on-premises network resources, were a departure from historic tradecraft, and likely indicate new ways the actors are evolving in the virtual environment,” the advisory says of a 2020 WELLMESS attack on the governments of the U.S., Canada and United Kingdom. 

To prevent misuse of their services, the FBI and DHS recommend that service providers strengthen their user validation and verification systems.

About the Author

Justin Katz is a former staff writer at FCW.

