by Carolyne Volpe Curley / Carolyne@WestEssexNOW.com
Early this morning, schools across the country began alerting their staff and families that Google is experiencing a widespread international outage and therefore remote learning may be affected due to the many resource tools that Google provides to its education clients.
The internet monitor DownDetector reports that 90% of Google users who are having difficulty with their accounts are unable to log in. The DownDetector live outage map shows that the majority of the accounts currently experiencing Google issues are located on the US East Coast and across Europe.
Over the weekend, reports surfaced of an ongoing malicious cyber-attack perpetrated by hackers against the US company SolarWinds through its Orion software network. The attack was made possible through an earlier hack on the cybersecurity company FireEye. The incidents led to a national directive today for all federal civilian agencies to block any SolarWinds Orion network software.
GOOGLE RESOURCE TOOLS
ZOOM OUTAGES ALSO REPORTED TODAY
Again, while there is no report of any hacking connection, DownDetector is also reporting over 1000 Zoom outages this morning.
Clients, including numerous teachers, are reporting receiving the error message: "The media could not be loaded, either because the server or network failed or because the format is not supported."
FIREEYE CYBER ATTACK
On Tuesday, FireEye reported from their Milpitas, CA headquarters that their company had experienced a cyber-attack. Because the company itself is hired to investigate cybersecurity attacks and to protect companies against malicious software, they concluded that the unique incident required "expert capabilities."
The company related that they were working with the FBI and Microsoft because the attack "primarily sought information related to certain government customers."
NATIONAL SECURITY COUNCIL MEETING
In an emergency meeting on Saturday, the US National Security Council evaluated the FireEye incident and determined that the hacker had stolen FireEye tools, which the security company created to analyze the security risks of computer networks and which are now being utilized to hack into other networks.
SOLARWINDS CYBER ATTACK
On Sunday, reports circulated that the Austin, Texas-based SolarWinds software company, which manages networks, systems and IT infrastructure around the world, had its Orion software compromised and that the cyberattack was already affecting multiple US government agencies.
The company expressed that it had:
A supply chain attack can affect any public or private organization that uses software which has been compromised through a cyberattack on its vendor's network.
US CYBERSECURITY EMERGENCY DIRECTIVE
Just after midnight today, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a detailed emergency directive advising all federal civilian agencies to:
CISA Acting Director Brandon Wales
The SolarWinds customer page was removed today, but the company is believed to serve about 320,000 clients in over 140 countries. The company's website states that its client base comes from a wide range of industries including many US federal agencies and Fortune 500 companies and "the top 10 US telecommunications providers."
The known SolarWinds client list as of now includes:
National / Central Agencies
US States, Local Governments
MICROSOFT CYBER ATTACK
Yesterday, the US Commerce Department confirmed that "there has been a breach in one of our bureaus." The agency is reportedly referring to its National Telecommunications and Information Administration (NTIA) office, where it is believed that federal staff using the Microsoft 360 Office platform may have had their emails secretly read going back as far as June 2020.
Most US government agencies use Microsoft's email and office software.
Microsoft alerted all of their clients on Thursday, Nov. 4, that they may become aware of suspicious activity on their account and provided precautionary measures in a publication titled:
"How To Determine Whether Your Office 365 Account Has Been Compromised."
Microsoft has not released a statement at this time, but it's believed hackers were able to trick the Microsoft platform's authentication controls into accepting their log-in credentials.
COMMON SOLARWINDS CLIENT ATTACK ELEMENTS
FireEye CEO Kevin Mandia stated: "Based on our analysis, the attacks that we believe have been conducted as part of this campaign share certain common elements:
Use of malicious SolarWinds update
SUSPECTED RUSSIAN HACKER GROUP APT29
FireEye CEO Mandia stated: "Based on our analysis, we have now identified multiple organizations where we see indications of compromise dating back to the Spring of 2020, and we are in the process of notifying those organizations."
All of these cyber attacks are believed to be connected, and Mandia used the word "attackers," which likely refers to a coalition of blackhat computer hackers working together.
Three sources familiar with the federal investigation reported to Reuters that the hacking group suspected in the case is known as APT29, a blackhat collective that has been working since 2008 for the Russian Foreign Intelligence Service (SVR).
APT is a designation for "Advanced Persistent Threat." The group also has gone by the names:
"Россия не проводит «наступательных» операций в виртуальной среде."
"Russia does not conduct offensive operations in the cyber domain."
The country of Russia has denied the allegation.
In July, the NSA and other US security agencies accused CozyBear of trying to steal US Covid-19 data on vaccines and treatments being developed in Canada, the US and the United Kingdom.
A CISA update is expected at 12pm, EST, today.