FireEye clear that APT29 not behind attacks, says Dragos chief

source link: https://www.itwire.com/security/fireeye-clear-that-apt29-not-behind-attacks,-says-dragos-chief.html

Saturday, 19 December 2020 18:36

By Sam Varghese

Breached cyber security company FireEye has explicitly said that the alleged Russian group APT29 is not behind the attack on its own infrastructure and a number of other private and public firms, according to the head of security company Dragos.

Robert M. Lee, a former NSA hacker and the founder and chief executive of Dragos, told the CyberWire podcast that FireEye had made it clear that a new group was to blame for the widespread intrusion that has seen growing alarm within the US Government over the extent of infiltration.

"Originally, people came out and attributed this to Russia and APT29, but FireEye was very explicit that it's not APT29. It's a new group they are tracking," he said.

Embedded tweet from Eric Geller (@ericgeller), 18 December 2020:

NEC's Kudlow just spoke to reporters, per pool report.

On SolarWinds, he said, "I don't know totally who's responsible. People are saying Russia. I don't know that. It could be other countries. I just don't know."

He said he wasn't an expert & referenced "the cyberspace boys."

— Eric Geller (@ericgeller) December 18, 2020

"We have seen some people, senators and the like, come out and say it's Russia, but we don't know at this point, it's too early in the game."

He said one thing that worried him was that the SolarWinds software is also shipped, rebadged under other vendors' names, inside products used by numerous industrial outfits. Those outfits run many essential services, which means their networks could also have been compromised, and could remain so for a long time.

Lee, whose company focuses on the security of industrial control systems, said companies whose defences concentrate on firewalls and anti-virus software would not have the logs needed to know they had been compromised. That means attackers could remain inside their networks for a long time, which he described as a fairly frightening scenario.
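The following is an added example, not code from the iTWire article, FireEye or Dragos, illustrating the telemetry gap Lee describes. A firewall log records source and destination addresses but no process identity, so it cannot answer which program on a host reached a given address; host-level network telemetry (Sysmon-style "network connect" events) can be baselined per process, so a long-running network management agent that suddenly contacts a never-before-seen destination stands out. Every log line, host name, process name and domain below is constructed (the .test domains and RFC 5737 addresses are reserved for documentation), and netmon.exe is a hypothetical stand-in for any such agent.

```python
"""Added example, not code from the iTWire article, FireEye or Dragos.

Contrasts what a firewall log can answer (which internal IP reached which
external IP) with what per-process host telemetry can answer (which process
on which host reached which destination, and whether that is new for it).
All log lines, hosts, process names and domains below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed firewall log: timestamp, action, source IP, destination IP:port.
FIREWALL_LOG = [
    "2020-12-01T10:00:01Z ALLOW 10.0.0.5 -> 203.0.113.10:443",
    "2020-12-01T10:00:07Z ALLOW 10.0.0.5 -> 198.51.100.7:443",
    "2020-12-01T11:00:00Z ALLOW 10.0.0.5 -> 203.0.113.25:443",
    "2020-12-08T02:13:44Z ALLOW 10.0.0.5 -> 192.0.2.99:443",
]

# Constructed host telemetry: timestamp, host, process image, destination name.
# netmon.exe is a hypothetical long-running network management agent.
HOST_NET_LOG = [
    "2020-12-01T10:00:01Z srv01 netmon.exe updates.vendor.test",
    "2020-12-01T10:00:07Z srv01 netmon.exe telemetry.vendor.test",
    "2020-12-01T11:00:00Z srv01 outlook.exe mail.corp.test",
    "2020-12-02T10:00:03Z srv01 netmon.exe updates.vendor.test",
    "2020-12-08T02:13:44Z srv01 netmon.exe api.unrelated.test",
    "2020-12-08T02:14:00Z srv01 outlook.exe mail.corp.test",
]

CUTOFF = "2020-12-07T00:00:00Z"  # end of the window treated as known-good


@dataclass(frozen=True)
class HostEvent:
    ts: str      # ISO-8601 UTC; same-format strings sort chronologically
    host: str
    image: str
    dest: str


def parse_host_event(line: str) -> HostEvent:
    ts, host, image, dest = line.split()
    return HostEvent(ts, host, image, dest)


def parse_firewall_line(line: str) -> dict:
    ts, action, src, _arrow, dst = line.split()
    ip, port = dst.rsplit(":", 1)
    return {"ts": ts, "action": action, "src": src, "dst": ip, "port": int(port)}


def sources_for_destination(fw_lines, dst_ip: str):
    """The most a firewall log can answer: which internal addresses reached
    dst_ip, and when. It cannot say which process on that address did so."""
    return sorted(
        (e["ts"], e["src"])
        for e in map(parse_firewall_line, fw_lines)
        if e["dst"] == dst_ip
    )


def build_baseline(events, before: str):
    """Destinations each (host, image) pair contacted before the cutoff."""
    baseline = defaultdict(set)
    for e in events:
        if e.ts < before:
            baseline[(e.host, e.image)].add(e.dest)
    return baseline


def first_seen_destinations(events, baseline, since: str):
    """Events at or after `since` where a process reached a destination absent
    from its own baseline. A process with no baseline at all is reported too:
    an unknown binary beaconing is as interesting as a known one changing."""
    return [
        e for e in events
        if e.ts >= since and e.dest not in baseline.get((e.host, e.image), set())
    ]


def main():
    events = [parse_host_event(line) for line in HOST_NET_LOG]
    print("firewall view of 192.0.2.99:",
          sources_for_destination(FIREWALL_LOG, "192.0.2.99"))
    hits = first_seen_destinations(events, build_baseline(events, CUTOFF), CUTOFF)
    for h in hits:
        print(f"{h.ts} {h.host} {h.image} -> {h.dest} (not in baseline)")


if __name__ == "__main__":
    main()
```

The caveat a practitioner should keep in mind is that the baseline is only as trustworthy as the window it is built from: if the implant was already beaconing during that window, its destination is learned as normal and the check stays silent. That is why both long retention of process-level telemetry and an independent known-good reference (for instance the endpoints a vendor documents for its product) matter, and it is exactly what a firewall-and-anti-virus-only shop does not have.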

The attack came to light this month, soon after cyber security firm FireEye announced on 9 December AEDT that it had been compromised and had its Red Team tools stolen. The company did not say when it had noticed the breach.

Five days later, the firm published details of attacks using malware it called SUNBURST, which it said had been used to hit both private and public entities, delivered through a trojanised update to the Orion network management software, a SolarWinds product.

A number of US Government departments — Homeland Security and Treasury among them — have been named as being affected. FireEye, too, appears to have been a victim. The Orion software has very wide usage in the US and also in Britain.

A Yahoo! News report on Saturday morning made the claim that the attackers had been inside SolarWinds' system since at least mid-2019.

The attribution of the attacks to Russia has been made by only one publication, the Washington Post, with the individual who wrote the report, Ellen Nakashima, being the same person who started the now-discarded theory that Russia was responsible for email leaks to WikiLeaks during the 2016 presidential election.

No US Government agency or private security firm has made any attribution, apart from stating the obvious, that the attacks were very well crafted and had to be by a well-resourced outfit.

Lee said it was not reasonable to expect the government to be the security guarantor for private firms and that the latter had to look after themselves.

He was scathing about companies that offered so-called magic AI solutions that were claimed to be the ultimate preventive, adding that he did not want to hear even one mention of bastardised implementations of the intrusion detection software Snort being sold by this vendor or that.
