Nearly 18,000 companies in the United States were targeted in 2020 in what experts, pointing to Russia, called an attack on Tuesday “The most sophisticated ever”.
The perpetrators of a massive cyberattack that targeted nearly 18,000 companies in the United States in 2020 were “Disciplined and focused”IT security experts said Tuesday, February 23, pointing to the need to share information on existing threats. The attack began in March, with hackers taking advantage of an update to monitoring software developed by a Texas company, SolarWinds, used by tens of thousands of businesses and governments around the world. Computer systems of US government agencies, including the Departments of State, Commerce, Treasury, Homeland Security and National Institutes of Health were also targeted. The attack was discovered in December by the computer security group FireEye, itself the victim of cyberattacks.
The Pirates “Were disciplined and focused”FireEye boss Kevin Mandia told the Senate Intelligence Committee. “They were targeting specific targets, they had a plan and a data collection program”, he said. “We have substantial clues that point to the Russian Foreign Intelligence Agency, and no clue leads us anywhere else,” for his part estimated the president of Microsoft Brad Smith. The US authorities have already identified Russia as the main suspect in this attack and the Washington Post The government said on Tuesday was studying the possibility of imposing sanctions on Moscow.
The need for centralized authority
Microsoft revealed in December that hackers had gained access to part of the company’s computer code by hacking into an employee’s account. According to Brad Smith, “At least 1,000 engineers, very qualified and capable” participated in the attack “The most sophisticated we have ever seen so far” which also targeted companies in Mexico, Canada, Great Britain, Belgium, Spain and the United Arab Emirates.
Another flaw used by hackers is the lack of an authority to centralize information on cyberattacks while Microsoft’s contracts with government agencies prohibit the company from communicating about attacks with other agencies, Smith added. Among the avenues to explore, the president of Microsoft has suggested the idea of forcing a company victim of a cyberattack to make a “Confidential notification” to a government entity that would be responsible for intelligence sharing. The boss of FireEye insisted on the need for legal protection for companies like SolarWinds in the face of possible lawsuits from its customers who are victims of cyberattacks.