A man holds a laptop as cyber code is projected onto him in this illustrative photo taken on May 13, 2017. REUTERS / Kacper Pempel

WASHINGTON, June 21 (Reuters) – A ten-year-old security recommendation could have helped thwart the Russian hackers who rampaged through federal government networks last year, the digital defense arm of the Department of Homeland Security said in a letter sent earlier this month.

As the United States braces itself to spend billions of dollars strengthening its cybersecurity following a series of dramatic intrusions by foreign hackers, the acknowledgement from the Cybersecurity and Infrastructure Security Agency (CISA) highlights how basic digital security measures can help defeat, or at least mitigate the impact of, even the most serious breaches.

The June 3 letter, sent by CISA to Senator Ron Wyden, concerned the sprawling spy campaign that hijacked software from Texas-based SolarWinds Corp (SWI.N) to compromise nine government departments, a months-long effort that led to the theft of thousands of emails from U.S. officials and is already racking up hundreds of millions of dollars in cleanup costs.

The hackers – believed to be Russian agents – pulled off the intelligence coup by subverting SolarWinds’ widely deployed network monitoring program and using it to implant malware on thousands of customer servers, finally selecting a smaller number for in-depth exploitation.

CISA said that if these victims had configured their firewalls to block all outgoing connections from servers running SolarWinds, it “would have neutralized the malware.”

The agency said several targets who configured their firewalls this way “successfully blocked connection attempts” and had no “follow-up exploitation.”

Wyden’s office quoted SolarWinds as saying that servers running its software don’t need to send outbound traffic. Guidelines from the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) have warned for more than a decade that servers that do not need to connect to the Internet should be prevented from doing so – a principle similar to the idea that doors that do not need to be opened must be locked.
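The principle above, that a server with no need to reach the Internet should never be seen trying to, is easy to audit from firewall logs. The following is an added example, not part of the Reuters article nor any CISA, NIST, NSA or SolarWinds material: it scans log lines in a constructed format for Internet-bound connections from hosts designated as needing no egress, separating allowed attempts (a filtering gap) from denied ones (the filter held, but the attempt itself deserves investigation). The log format, internal address ranges, host addresses and sample lines are all constructed for this example.

```python
import ipaddress
import re

# Constructed log line format for this example (not any vendor's real format):
#   <timestamp> <ALLOW|DENY> src=<ip> dst=<ip> dport=<port>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

# Internal address space of the hypothetical network; anything outside it counts as Internet-bound.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hosts that, like servers running SolarWinds, have no need to reach the Internet (constructed addresses).
NO_EGRESS_HOSTS = {"10.0.5.20", "10.0.5.21"}

def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def audit(lines, no_egress_hosts=NO_EGRESS_HOSTS):
    """Return (gaps, blocked) for Internet-bound connections from no-egress hosts.
    gaps: ALLOWed attempts, i.e. the egress filter is missing or misconfigured.
    blocked: DENYed attempts, i.e. the filter held but the server tried anyway."""
    gaps, blocked = [], []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["src"] not in no_egress_hosts or is_internal(m["dst"]):
            continue  # malformed line, host not monitored, or legitimate internal traffic
        record = (m["ts"], m["src"], m["dst"], int(m["dport"]))
        (gaps if m["action"] == "ALLOW" else blocked).append(record)
    return gaps, blocked

# Constructed sample log; external addresses are taken from RFC 5737 documentation ranges.
SAMPLE_LOG = [
    "2021-06-21T10:00:01Z ALLOW src=10.0.5.20 dst=10.0.7.8 dport=161",       # SNMP poll of a monitored device: fine
    "2021-06-21T10:00:05Z DENY src=10.0.5.20 dst=203.0.113.10 dport=443",    # Internet-bound, blocked by the filter
    "2021-06-21T10:00:09Z ALLOW src=10.0.5.21 dst=198.51.100.25 dport=443",  # Internet-bound, allowed: filtering gap
    "2021-06-21T10:00:12Z ALLOW src=10.0.9.3 dst=203.0.113.10 dport=443",    # ordinary workstation, not monitored
    "garbage line that does not parse",
]

if __name__ == "__main__":
    gaps, blocked = audit(SAMPLE_LOG)
    for ts, src, dst, port in gaps:
        print(f"GAP     {ts} {src} -> {dst}:{port} (no egress filter in front of {src})")
    for ts, src, dst, port in blocked:
        print(f"BLOCKED {ts} {src} -> {dst}:{port} (investigate why {src} tried to connect out)")
```

A blocked attempt from such a host is not a success story to file away: it is the same signal CISA described, and the next step is to find out what process on that server initiated the connection.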

Servers running SolarWinds inside government networks “should have had even more stress around them,” said Jason Garbis, a product manager at digital security firm Appgate.

There is no suggestion that sealing the servers running SolarWinds from the Internet would have completely thwarted last year’s hacking campaign; the spies used a variety of sophisticated tactics to carry out their espionage work.

But Garbis said following best security practices would have made government networks “much more resistant to these types of attacks.”

Reporting by Raphael Satter; edited by Jonathan Oatis

