The details and scope of this event continue to evolve and I don’t think we know the full nature of what has happened yet.
New information that has emerged since our previous post includes:
- Initial reports said the attackers were in place since March, but we now know that the attackers conducted a dry run as a test as early as October 2019. They were probably in place a long time before that. This is likely a multi-year effort and we may never know the actual start date.
- The dry run did not contain an active payload but was meant to test the deployment mechanisms to make sure no detection was tripped before the actual attack was launched.
- While the full list of entities affected is unknown, the list of companies and agencies known to be affected continues to grow, and includes the most advanced cyber-defenses in existence. Examples include:
- U.S. Department of Defense
- U.S. Department of Homeland Security
- U.S. State Department
- The Cybersecurity and Infrastructure Security Agency (CISA)
- U.S. Department of Energy
- U.S. Treasury
- U.S. National Nuclear Security Administration
- Mastercard and Visa
- Microsoft admits that their source code was accessed but claim the account used did not have rights to make modifications. Hopefully this means Windows source code did not get implanted with back doors, but it does mean that it’s possible malicious actors are reading through the Windows Firewall or Office 365 code looking for holes and ways to attack as we speak.
A firewall, anti-virus and data backups are no longer enough to protect your business from compromise or to detect one if it occurs. Medicine Bow Technologies provides 13 individual security services for all of our managed clients, and the expertise to use them to help keep you safe. If you don’t have that much protection call us now to set an appointment at (307) 721-4050