White House warns organizations have ‘hours, not days’ to resolve vulnerabilities as Microsoft Exchange attacks increase

As attacks that exploit the vulnerabilities have increased, the window for updating exposed servers is incredibly short – ‘measured in hours, not days’, a senior administration official told reporters.

President Joe Biden was briefed on the Exchange hacks earlier this week, the official said.

“He was very engaged on this topic, he asked many questions on this topic and made it clear that he pointed out that we address cybersecurity vulnerabilities and that we are seriously addressing this issue with purpose,” the official told reporters.

For the first time, the U.S. government has invited members of the private sector to participate in the multi-agency task force set up in response to bugs with the server software, the official said. Private officials will have access to sensitive information facilities across the country to participate, where necessary, in classified discussions, the official added.

U.S. intelligence agencies are not seeking any additional legal authorities to monitor for domestic cyber-security incidents, the official added, as the Biden government believes public-private partnerships are the ideal model to detect and mitigate cyber-security threats.

The White House is not yet ready to assign blame for the Microsoft Exchange attacks, national security adviser Jake Sullivan said earlier Friday.

“I am not in a position to stand here today to make a statement,” he said in a White House press release. “But I promise you that we will be able to attribute the attack at some point in the near future, and we will not hide the ball on it. We will come forward and say who we believe carried out the attack.”

Attacks increase

Attacks that exploit the errors in the Exchange software are increasing. Microsoft and security investigators warned Thursday that the vulnerabilities are now being combined with another powerful cybersecurity threat: ransomware, which locks a computer or the files on a network and holds them hostage until the victim pays a fee.

“We have detected and are now blocking a new family of ransomware used after an initial compromise of non-custom Exchange servers,” Microsoft said in a tweet.

Security experts at Palo Alto Networks on Thursday estimated that at least 20,000 U.S.-based Exchange servers remain unmanaged and vulnerable to exploitation, and as many as 80,000 worldwide.

Other security researchers say the rate of attacks on Exchange servers is rising as opportunistic hackers try to take advantage of the opening found by Hafnium, the group that Microsoft said is responsible for the original violations and that is considered state-supported and operating out of China.

According to Check Point Research, which monitors the Internet for malicious activity, the number of attack attempts against organizations doubles every two to three hours.

The addition of ransomware to the volatile mix only increases the risk to vulnerable organizations, said John Hultquist, VP of analysis at Mandiant Threat Intelligence.

“Although many of the organizations that have not yet been patched have been exploited by cyber-spying actors, criminal ransomware can pose a greater risk as it disrupts organizations and even blackmails victims by releasing stolen email,” Hultquist said. “Ransomware operators can gain access by encrypting or threatening to leak emails, a tactic they recently adopted.”

Administration plans to respond

At Friday’s conference with reporters, the senior administration official outlined several steps the Biden government plans to take in response to the SolarWinds and Microsoft Exchange incidents, but warned that a direct response to the SolarWinds hackers is still weeks away.

The nine federal agencies compromised in the SolarWinds breach have undergone a four-week investigation, and some have yet to review their systems to make sure the foreign adversaries have been completely ousted, the official said. Those that have not yet completed their reviews are expected to do so by the end of the month.

The official gave little detail about the response to the alleged Russian hackers behind the SolarWinds intrusions.

“You can expect further announcements about it in weeks, not months,” the official said.

The official said the government’s internal review found ‘significant gaps in the modernization and technology of cyber security in the federal government’. “We will implement technology to address the gaps we have identified with the nine agencies that have been compromised” and then more widely across the federal government.

Throughout the process, the White House held regular meetings with deputy heads of the agencies who were compromised.

The official said the White House would issue an executive action within a few weeks that includes ideas to strengthen the country’s cyber security, including proposals to give letter-grade cyber security ratings to software vendors used by the federal government. The idea draws inspiration from Mayor Michael Bloomberg’s sanitation grades for restaurants. Another concept is based on Singapore’s cyber security standards for Internet-connected consumer devices. The goal, the official said, is to create a “market” for cyber security where companies will compete for high security ratings.

CNN’s Betsy Klein contributed to this report.