As attacks that increase vulnerabilities increase, the window for updating exposed servers is incredibly short – “measured in hours, not days,” a senior administration official told reporters.
President Joe Biden was informed about Exchange hacks earlier this week, the official said.
“He got very involved with the topic, asked a lot of questions about the topic and made it clear that he instructed us to address cybersecurity vulnerabilities and that we approach the topic seriously on purpose,” the official told reporters.
For the first time, the United States government invited members of the private sector to join the multi-agency task force created in response to server software failures, the official said. Private entities will have access to compartmentalized confidential information facilities across the country in order to participate in confidential discussions when necessary, the official added.
US intelligence agencies are not seeking any additional legal authority to monitor domestic cybersecurity incidents, the official added, as the Biden government believes that public-private partnerships are the ideal model for detecting and mitigating cybersecurity threats. .
The White House is not yet ready to blame the attacks on the Microsoft Exchange, national security adviser Jake Sullivan said on Friday.
“I am not in a position to be here today to provide attribution,” he said at a press conference at the White House. “But I assure you that we will be in a position to attribute this attack at some point in the near future, and we will not hide the ball in that. We will move forward and say who we believe to have carried out the attack.”
Rising attacks
Attacks resulting from Exchange software failures are on the rise. On Thursday, Microsoft and security researchers warned that the vulnerabilities are now being combined with another powerful cyber security threat: ransomware, which blocks a computer or network files and holds them hostage until the victim pays a fee.
Security experts at Palo Alto Networks estimated on Thursday that at least 20,000 U.S.-based Exchange servers remain unpatched and vulnerable to exploitation, and up to 80,000 worldwide.
Other security researchers say the pace of attacks on Exchange servers is increasing as opportunistic hackers seek to take advantage of the openness found by Hafnium, the group that Microsoft said was responsible for the original breaches and is “assessed as state sponsored and operating out of the box. from China. “
The number of attempts to attack organizations has doubled every two to three hours, according to Check Point Research, which monitors the Internet for malicious activity.
Adding ransomware to the volatile mix only increases the danger for vulnerable organizations, said John Hultquist, vice president of analysis at Mandiant Threat Intelligence.
“While many of the organizations still unpatched may have been exploited by cyber espionage agents, criminal ransomware operations can pose a greater risk, as they disorganize organizations and even extort victims by releasing stolen emails,” said Hultquist. “Ransomware operators can monetize their access by encrypting emails or threatening to leak them, a tactic they have recently adopted.”
Management planning to respond
In Friday’s conference call with reporters, the senior administration official outlined several steps that the Biden administration plans to take in response to the security incidents of SolarWinds and Microsoft Exchange, but warned that a direct response to SolarWinds hackers is still weeks away. from distance.
The nine federal agencies that were compromised by the SolarWinds intrusion underwent a four-week review, some still reviewing their systems to make sure that foreign adversaries were completely expelled, the official said. Those who have not completed their assessments must be completed by the end of the month.
The officer provided few details about a response to the perpetrators of suspected Russian hackers behind the SolarWinds intrusions.
“You can expect new announcements about this in weeks, not months,” said the official.
The government’s internal review found “significant gaps in modernization and cybersecurity technology across the federal government,” said the official. “We will be deploying technology to address the gaps we have identified, starting with the nine committed agencies” and then more broadly across the federal government.
Throughout the process, the White House held regular meetings with the deputy heads of the committed agencies.
In just a few weeks, the official said, the White House will launch an executive action that includes ideas to strengthen the country’s cybersecurity, including proposals to assign letter cybersecurity ratings to software vendors used by the federal government. The idea is inspired by Mayor Michael Bloomberg’s sanitation notes for restaurants. Another concept is based on Singapore’s cyber security standards for consumer devices connected to the Internet. The goal, the official said, is to create a “market” for cybersecurity, where companies would compete for high security ratings.
CNN’s Betsy Klein contributed to this report.