Biden Administration Issues Russian Sanctions in Response to SolarWinds Hack, Election Interference
This isn't the first time the United States has sanctioned Russia for malicious cyber activity.
The U.S. government holding Russia accountable should not come as a surprise, said Joseph Carson, ThycoticCentrify’s chief security scientist and advisory CISO.
“However, in situations such as these, lack of clear attribution is always vague,” he said. “The more we learn about the attribution, the more concrete accountability and action can be taken. The good news found in the statement is that the U.S. government supports a global cybersecurity approach, as no single country alone can win against global cybercrime and cyberattacks. A collaborative approach, where countries work together with transparency, is the only way to tackle cybercrime. Holding accountable those countries that provide safe havens for cyber terrorism with strong actions will be the best means of reducing future cyberattacks.”
Stefano De Blasi is a threat researcher at Digital Shadows. He said this isn’t the first time the United States has sanctioned Russian intelligence services for their malicious cyber activity.
“Two previous indictments were released in 2016 and 2018 for activity stemming from Russian interference in the U.S. elections,” he said. “Although the executive order quotes several incidents involving the Russian Federation in past years, this accusation’s main focus resides in the SolarWinds supply-chain attack reported in December 2020, which compromised several American governmental bodies and other critical infrastructure. As such, the recently issued executive order confirms that Russia’s foreign intelligence service (SVR) is considered the leading organization responsible for the cyber-espionage campaign.”
This executive order represents a “solid diplomatic response” to malicious activity conducted by the Russian Federation, De Blasi said. And it already has public support from the European Union and NATO, among others.
“Despite the accusations being made by Washington, it is likely that Moscow will deny the alleged accusations and respond diplomatically as well, while avoiding any further escalation of malicious cyber activity,” he said. “Soft power measures like financial sanctions and condemnations from the international community can be crucial tools to respond to harmful activity, but are unlikely to cause significant disruptions in the short term.”
Tim Wade is technical director of Vectra’s CTO team.
“This action underscores the increasing degree to which nation-states leverage non-government entities as a strategic extension of their state cyber capabilities, which include actors drawn from criminal organizations in addition to the private sector,” he said. “In this specific case, the Treasury has drawn a direct line of sight between these sanctions and the destabilizing role that the FSB (Russia’s successor to the KGB), GRU (Russia’s military intelligence agency), and SVR have played in the recent SolarWinds attacks. The degree to which this acts as an effective deterrence, however, remains to be seen.”
The University of California is warning its students and staff that a ransomware group might have stolen and published their personal data, and that of hundreds of other schools, government agencies and companies, nationwide.
A cyberattack targeted a vulnerability in Accellion, a third-party vendor used to securely transfer files, the university said Wednesday.
Purandar Das is CEO and co-founder of Sotero.
“The escalation of attacks on educational institutions is an interesting one,” he said. “First off, these are not new or unique. They are a continuation of the attacks on organizations in general. There may be a couple of reasons behind the recent rise. One, they may be a result of some of the vulnerabilities in third-party software that has impacted many organizations across a range of industries. Second, this is the peak admission season for colleges and universities. This is when their systems are stressed and they are also coming into possession of new student information. Think of the millions of high school students and their parents that are becoming a part of this world along with their sensitive information ranging from Social Security numbers, credit card info, bank account information and financial assets. Makes for ripe pickings.”
Schools tend to keep their educational and grading systems well-protected, Das said. They need to do the same with students’ private information.
The IT security industry has some catching up to do after turning its attention away from web application security amid the pandemic.
That’s according to the Invicti AppSec Indicator Report. It examines the prevalence of web vulnerabilities across more than 3,500 targets in every industry and more than 100 countries.
The findings show that as organizations shifted focus to support remote work and business continuity amid the challenges of 2020, web application security suffered.
Mark Ralls is Invicti Security’s president and COO.
“On one hand, we are seeing organizations start to refocus on web application security, but they are also dealing with top-down directives to review the security of the software vendors they use,” he said. “While obviously a response to SolarWinds and the threat of supply-chain attacks, this exercise is diverting resources from known and immediate risks.”
Many organizations were in the process of expanding their coverage and automation within web application security when COVID-19 hit, Ralls said.
“Given the breadth and depth of the web app attack surface at most companies, it’s critical that they get back on track,” he said. “And the only way to do that with limited resources is to get tools that use a lot of automation to discover, scan and enable remediation. Otherwise, they will never keep up, much less catch up, with evolving threats.”
Organizations were already behind before 2020, so it’s hard to see how they will catch up this year or any time in the next few years, Ralls said.
“We may see a return to the slow and steady improvement that was happening in previous years,” he said. “But even in that scenario, about 25% of web applications will have unresolved high-severity vulnerabilities. Bottom line, organizations need to take web application security much more seriously, and bring in the best tools and experts they can find to have any hope of catching up.”
Darktrace, a British cybersecurity startup, this week announced its plans to go public on the London Stock Exchange’s premium market.
Poppy Gustafsson is Darktrace’s CEO.
“Our intention to list on the London Stock Exchange marks a major milestone in Darktrace’s history of rapid growth, and a historic day for the U.K.’s thriving technology sector,” she said.
Darktrace’s platform uses artificial intelligence (AI) to detect sophisticated cyber threats, from insider threat and criminal espionage, to ransomware and nation-state attacks. Its partners range from small consulting organizations, to traditional VARs, MSSPs and technology partners that offer solutions complementing its solution.
From fiscal year 2018 to fiscal year 2020, Darktrace’s revenue has grown from nearly $80 million to $199 million, at a compound annual growth rate of more than 58%. Its customer base has more than doubled during that time.
This week, the Biden administration handed down new Russian sanctions for its interference in the 2020 U.S. election, the massive SolarWinds hack and human rights abuses in Crimea.
According to CNN, the Russian sanctions followed the U.S. intelligence community’s annual report that says Russia “presents one of the most serious intelligence threats to the United States.”
The U.S. formally named the Russian Foreign Intelligence Service as the force behind the SolarWinds hack that affected the federal government and numerous private sector companies.
A number of cybersecurity experts in the channel weighed in on the Russian sanctions and whether they’ll potentially impact national cybersecurity.
Unclear Signal
Randy Watkins is Critical Start’s CTO.
“While the sanctions send a signal to Russia, it’s unclear which signal,” he said. “It’s also noteworthy that most of the hacks done by Russia are not actually done by government employees, but rather government-sanctioned cyber crime groups, which these sanctions would have little effect on. The sanctions imposed named multiple scenarios for their justifications, including not just the cyberattack on SolarWinds, but also election interference and aggression in Ukraine.”
The targeting of some Russia-based security companies is a bit more pointed, Watkins said. However, it’s much less impactful than some of the economic sanctions that could be interpreted as punishment for any of the other reasons named.
“Cyberattacks will continue, undoubtedly,” he said. “It was a dumb mistake, likely of arrogance, that surfaced their attacks. Lumping the response to these attacks with other reasons, however merited, has potentially diluted the focus.”
Russia is likely still in the black when they evaluate the risk and reward, Watkins said. That’s even if the attacks were the focal point of the sanctions.