Computer security experts said Tuesday that a large number of cyber-attack writers targeting nearly 18,000 companies in the United States by 2020 were “disciplined and focused”, pointing to the need to share information on existing threats.
Also read: Bomber victim to cybertalk
The attack began in March as hackers took advantage of an update to monitor software developed by Solar Winds, a Texas company used by dozens of businesses and governments around the world.
Computer systems of U.S. government agencies, including state, commercial, treasury, homeland security, and the National Institutes of Health departments, are also targeted.
The attack was discovered in December by a computer security group called FireE, the victim of a cyber-attack.
Fire hacker Kevin Mandia told the Senate Intelligence Committee that the hackers were “disciplined and focused.” “They are targeting specific goals, they have a planning and data collection program,” he says.
“We have substantial evidence representing the Russian Foreign Intelligence Agency, and no evidence leads us anywhere else,” said Microsoft President Brad Smith in his part.
U.S. officials have already named Russia as the main culprit in the attack, and the government is studying the possibility of imposing sanctions on Moscow, the Washington Post reported Tuesday.
In December, Microsoft revealed that hackers were accessing part of the company’s computer code by hacking into an employee’s account.
According to Brad Smith, “the most advanced attack we have ever seen” involved at least 1,000 highly skilled and efficient engineers, including companies in Mexico, Canada, and Great Britain. Brittany, Belgium, Spain and the United Arab Emirates.
Another flaw that hackers use is their lack of authority to centralize information on cybertalks, and Smith said Microsoft agreements with government agencies prevent the company from communicating about attacks with other agencies.
Among the ways to explore is the idea of forcing a cyber-attack victim to give a “secret notification” to the government agency responsible for sharing intelligence.
The owner of FireE insisted that companies such as Solar Winds need legal protection in the event of a lawsuit being filed by their customers who are victims of cybertocks.