
Mission Critical Partners Offers Advanced Training

Mission Critical Partners has launched an advanced training program aimed at preparing public safety and justice agencies to be cognizant of cyberattack threats, why and how they work, and how to strengthen their defenses against them, according to a statement from the company.

“Cybersecurity continues to be a persistent challenge for government agencies, including those operating in the public safety, justice, and other mission-critical sectors,” the statement reads. “These entities must be constantly vigilant in their efforts to prevent breaches, a task made incredibly difficult given the ingenuity of cyberattackers, the increasing quantity of attacks targeting the public sector, and the reality that attack vectors evolve by the hour.”

In 2021, ransomware attacks increased more than 300 times over the same period in 2020, according to the company’s president of lifecycle management services, David S. Jones. According to Jones, a massive number of new records landed in dark web data markets, giving cybercriminals added fuel to execute phishing attacks, typically via emails that appear at first glance to be legitimate. He said the goal is to entice the recipient to unwittingly unleash malware by opening the email or clicking on an attachment.

Mission Critical Partners’ training program is designed specifically for public-sector agencies and is available as two separate training courses, according to the company statement.

The first course, “Advanced Cybersecurity for Leadership,” is designed for an organization’s leadership and would educate them regarding the importance of cybersecurity and, on a high level, how to achieve it. The company said the goal of the course is to ensure that those in the leadership program can develop a solid foundational strategy for defending against cyberattacks.

The second course, “Advanced Cybersecurity for the Front-Line Employee,” would educate front-line staff, including telecommunicators and supervisors, regarding the importance of good cyber-hygiene practices, the latest threats that are emerging, and how to identify and take ownership of their role in improving the cybersecurity posture of their organization.

Mission Critical Partners said that each course consists of two, two-hour classes that will be available virtually or on-site.

Shades Of FireEye, Again

By Ernest Worthman

By now everybody and their brother has shouted out that T-Mo got hacked. With all the noise about security, of late, and the highly visible and embarrassing breaches of companies such as FireEye, one has to wonder how T-Mo could possibly have a vulnerability that would allow an eight- or nine-figure record data breach. But, to be fair, they are in good company. This ransomware, which attacks tech-management software from a company called Kaseya, was said to have hit as many as 1500 organizations, of which about 50 were what are called managed services providers (MSPs). Kaseya has about 40,000 customers using the tool that was the target of the attack.

This is a bit of a different approach to ransomware. Normally, ransomware attacks take advantage of security loopholes, such as common passwords without two-factor authentication. This one is much more sophisticated and attacked Kaseya’s software, a unified remote monitoring and management tool for handling networks and endpoints, through an authentication bypass vulnerability in the Kaseya VSA web interface. It just so happens that the web interface contained two gaping flaws in the software.

These flaws allowed the attackers to circumvent authentication controls, gain an authenticated session, upload a malicious payload and execute commands via SQL injection, achieving code execution in the process. And how was it done? By creating a fake, malicious software update using Kaseya VSA dubbed “Kaseya VSA Agent Hot-fix.”

That causes everyone using the VSA tool to be vulnerable. Ergo any company using the tool is vulnerable to getting their files locked. And the process is stealthy. It was infiltrating before Kaseya even knew what was happening.

The perpetrators are believed to be an affiliate of a top Russian-speaking ransomware gang known as REvil. They are also believed to be the same ones who hacked JBS’s meatpacking plant last June.

Early rumors had it that the T-Mobile breach compromised the data of more than 100 million people. T-Mo claims the actual figure was pegged closer to 40 million. The leaked data includes names, physical addresses, phone numbers, social security numbers, unique IMEI numbers and driver’s license information – plenty to create an identity theft crisis. The validity of the data was confirmed by Vice Media’s Motherboard channel, which claims to actually have seen samples of the data and confirmed they contained accurate information on T-Mobile customers.

The hacker is asking for six Bitcoin tokens, which are worth roughly $276,000 at Bitcoin’s current exchange rate. However, that is only for most of the data – about 30 million people’s worth. The rest of the data is apparently being sold privately, rather than being made publicly available.

So those are the ugly details. However, what has me surprised (and I am a T-Mo customer) is that this is its fifth known breach in less than three years. The company previously disclosed breaches in 2018, 2019 and 2020, as well as in January of this year.

What else has me seeing red is why T-Mo is not practicing “safe security.” One would think that after one or two successful attacks, they would make it a priority to implement the highest level of cybersecurity. But five successful attacks? I am finding myself a new carrier.

One thing this does reiterate is the poor state of cybersecurity in many organizations. As I mentioned earlier, the vulnerabilities were not some deeply embedded, buried code or back door. They were, as I noted, “gaping flaws,” as one report described them, that should have been unearthed by any reasonably astute coder.

However, uncovering vulnerabilities is often easier said than done, but there are also a lot of vulnerabilities that are easy to spot. That is one of the big issues with complex and million-line code. While it can be a time-consuming and costly undertaking, periodically, every piece of code needs a review. And there are plenty of organizations specializing in scrubbing code to uncover “gaping flaws” or rogue code.

However, this breach had nothing to do with T-Mo software. They were only running software from a vendor. A nagging question is whether the security at T-Mo was sufficient to catch this malware before it hit their database.

This is an interesting conundrum. As the trend is to move to cloud and “as a service” software, rather than developing and running on-premises software, the issue of security becomes a bit nebulous. Does the owner of the purchased software own the damages if it is hacked? Or is the liability with the developer? As well, there is the question of whether the end-user practiced due diligence in securing its own data.

The argument has been made that reasonable measures must be taken to secure data – at all levels. In the end, everybody along the supply chain has some responsibility to ensure data is secure – even the end-user. Of course, there is no way every possible avenue for intrusion can be locked down. However, there is much more that can be done than is being done – at all levels.

One good way to move toward such a goal is to hold breached vendors accountable, financially, for real damages. From time to time, there are fines levied against leakers, such as Equifax’s $700 million. However, as with fines against carriers over the years, the amount is usually paltry, and penalties are inconsistent.

Meanwhile, nothing is done to make the injured parties whole. Perhaps a model that passes costs up the channel would be more effective – T-Mo compensates its hacked customers (and not just with a year of free credit protection), and Kaseya compensates T-Mo for its losses. Besides, I am pretty sure organizations can obtain insurance to cover that, anyway.

Some organizations are more aware than others and are doing a superb job in scrubbing their code, requiring security audits on vendor software, and making sure cloud suppliers have top-shelf security and keep everything up to date. Had this been the case with companies such as FireEye and Kaseya, it is more likely that these attacks would have failed.

In any event, again I trumpet the importance of strong security. What more is there to say?

_________________

Ernest Worthman is an executive editor with AGL Media Group.

Opinion: We Have Been Warned – And Not Just Once

By Ernest Worthman

The warnings by the cybersecurity segment in the consumer segment still tend to go relatively unheeded by consumer wireless vendors. Because of that, we can expect nefarious activities in that sector to continue to ramp up. But we all know that. So why are they not doing more to thwart it?

So far, hacking consumer devices tends to be a low-yield activity compared to hacking government or enterprises. However, with the implementation of 5G and the expansion of the Internet of Anything/Everything (IoX), that is going to change.

While the non-consumer IoX segment is further down the line with security, the consumer vector seems stalled. So far, and luckily, this segment has not seen a pandemic-scale attack on its IoX devices. But it is just a matter of time until such an event occurs, simply because of the proliferation of smart consumer IoX devices.

One of the major talking points around 5G is security. Most agree that 5G will be the great enabler for the IoX. It makes sense, especially when one considers that many IoX devices will be capable of using mmWave frequencies. As this evolves, the attack surface increases logarithmically.

The consumer supply side is, and always will be (except for the well-off), a very competitive segment. Consumers are price conscious – so what else is new? That puts the pressure on the vendor to be price competitive, meaning (obviously there are exceptions) putting in just enough to make a sale and be profitable.

And, like it or not, security is not a big selling point for the consumer. However, the time has come (again) to rethink that, especially in light of 5G. And there are hints that this should happen sooner rather than later.

What caught my eye and spurred this discussion is that I recently saw a story about a cybersecurity company, GeoEdge, which has uncovered a global-scale malvertising attack. This is noteworthy because it is the first ad-based cybercrime aimed specifically at home-network-based IoX devices. It is believed to have originated in Slovenia and the Ukraine.

It first became visible a couple of months ago. This particular malware silently installs code on home-WiFi-connected smart IoX devices.

This is a dangerous precedent. Not because it is a harbinger of things to come (which it certainly is), but because this malware is so easily implemented on a very fundamental level. All that is required is a basic understanding of device API documentation, a bit of JavaScript knowledge, and rudimentary online advertising skills. Heck, I could do this!

If we look at some of the predictions for how many IoX devices will be out there in the next few years, a reasonable figure is 30 – 40 billion, globally, by 2025. By any stretch of the imagination that is a huge attack surface. And most low-tier, consumer devices are not equipped to spot this kind of malware.

In case you are not familiar with malvertising, or malicious advertising, here is a bird’s-eye view. This is the kind of code that is embedded in ads – yes, the kind we are inundated with constantly. These are the type of ads that load when the site is opened. No user action is required. One would wonder how an IoX device would open malware. The fact is they do not, directly, but hang on a moment.

Malvertising injects malicious code into online display ads via online advertising networks. Such networks are generally unaware they are serving up malicious content. And with a more recent version of this malware, users are not even required to click on the infected ad or navigate to a malicious page to initiate the attack on home network devices. That is why this is so nefarious.

This works so well because of the fragmented nature of online ads. Typically, the device, whether it is a computer, tablet, phone, whatever, is receiving and sending data all over the place via a variety of ad-related servers when it loads a website. One server delivers the online ads, another might play a video ad, and a third server might trigger a pop-up. This happens again when you click an ad as well.

The hacker hijacks the IoX device and inserts their code. Then the hacker can intercept or redirect traffic or insert malware into the channel. In simple terms, the IoX device is simply the medium running compromised code to allow infiltration of the user’s network. Now attackers simply intercept these traffic requests passing between the device and your browser and forcibly inject their malware or divert your traffic somewhere else.

It is the IoX device that will open the gate to this malware. Once it gets to the device, it is able to manipulate it by downloading apps without users’ consent, and it risks theft of personal information and monetary data, as well as tampering with home systems such as smart locks and surveillance cameras.

Most antivirus measures, even firewalls of IoX devices, are not able to spot or stop the code. To do so requires security capable of advanced, real-time ad blocking, which is not a priority for such consumer devices.

This is only the tip of the ever-expanding malware iceberg. It is unlikely consumer IoX device manufacturers will move on this, at least not now.

In reality, these manufacturers have no liability (unless gross negligence and verifiable damage can be proven) so there is no real motivation to up the security game. So again, it falls to the consumer to bear the costs.

The best defense, for now, is a good offence. Use the best available security options and software on your computers and smartphones. But, above all, be vigilant. Better to suspect a legitimate ad to be malware than to assume it is not.

_________________

Ernest Worthman is an executive editor with AGL Media Group.

What Is The Impact On The Telecom Industry Of U.S., U.K. And E.U. Calls On China To Stop Cyberattacks?

By John Strand, Strand Consulting

It is becoming increasingly clear that governments around the world will “outsource” significant cybersecurity responsibility to telecom operators.

It is well known that the Chinese government has the country on lockdown: people are monitored 24/7 with millions of CCTV cameras; the “Great Firewall of China” blocks access to unapproved content and tracks attempts to circumvent it; municipal party leaders keep tabs on citizens. All networks and equipment are operated by companies that are either owned by the government or beholden to it.

All surveillance data is aggregated into a unified system of social credits intended to standardize the assessment of the social and financial reputations of individuals and firms. People who do not live up to the Chinese government standards are sent to “transformation-through-education” or reeducation camps and generally are denied due process to defend their activities, according to Amnesty International. In practice, no information moves outside of the government’s purview.

It is curious, then, why more cyberattacks originate from China than from any other nation. If the Chinese government were so concerned about law and order, it could end these attacks immediately, but it does not. In China, the government and President Xi control everything except the people hired and encouraged to hack the free world every day.

The White House, The U.K. government, and The European Union agree

Yesterday the White House, U.K. government, and European Union simultaneously published statements calling for China to stop cyberattacks of malicious behavior and electronic espionage. The US also charged four Chinese nationals (three of whom were working as part of the state’s Ministry of Security) for attacks on companies, universities, and government entities in the US and abroad between 2011 and 2018.

What advanced technology China has not been able to develop itself, it appropriates through other methods, whether forced technology transfer or theft. U.S. cybersecurity vendor Cybereason issued a report describing “an ongoing global attack against telecommunications providers that has been active since at least 2017.” The report concludes the perpetrator is APT10, an “advanced persistent threat” and a state-supported Chinese espionage group. In December 2018, the U.S. government indicted APT10 members for conspiracy to commit computer intrusion, conspiracy to commit wire fraud, and aggravated identity theft. The indictment noted the hackers worked in tandem to steal intellectual and technological information from dozens of commercial and defense technology companies throughout the continental United States. APT10 is also responsible for the theft of personnel information for 100,000 U.S. Navy personnel.

In Norway, Visma, a supplier of cloud-based financial systems, saw Chinese hackers try to steal client data. Visma delivers finance systems to hundreds of thousands of companies around the world.

Australian intelligence officials claimed China may have accessed thousands of files and 19 years’ worth of data – to include tax and banking records – on Australian National University students and staff. Many of ANU’s graduates serve in the country’s intelligence and security agencies.

Symantec unveiled, in June, how Chinese hackers have attacked satellite and telecommunications infrastructure in the west.

The Center for Strategic and International Studies (CSIS) identified China as responsible for the greatest number of cyberattacks by any nation over the past dozen years. It reached this conclusion by examining public data. The true depth of China’s efforts – and successes – in penetrating western networks is probably still unknown.

Every day cyberhackers are looking for vulnerabilities to exploit, but if you can build products and services with backdoors, the Chinese government still has, in many countries, an open road to telecom operators’ corporate customers, information, technology, and secrets.

In Germany, the government, NATO, and corporate and private entities do not have access to networks free from influence from Chinese government tech.

Every time the Germany-based U.S. Commanding General Christopher Cavoli of United States Army Europe and Africa, his staff, or his family use a mobile phone, their traffic is sent through a Chinese mobile network. General Christopher Cavoli and the rest of the people in Germany cannot get a network free from Chinese government tech.

Telecom networks are the foundation of the digital society. COVID19 proved that telecom networks are essential, as they have allowed people to work, learn, shop, and get healthcare from home during a period of lockdown and social distancing. Consequently, the importance of security and resilience of these networks is heightened. Policymakers are justifiably concerned about the vulnerabilities of these networks. They want to examine the network elements – their vendors, supply chains, and protocols – and adopt measures to secure them.

Many countries have implemented restrictions on Huawei and ZTE. These restrictions have followed extensive investigations which have uncovered many red flags, including but not limited to, the inability to establish the technical baseline that the systems are not compromised by backdoors, inability to demonstrate that the Chinese government and military are not integrated with the enterprise, lack of operational and financial transparency and disclosure, illegal and unethical business practices, and violation of international law.

These investigations also follow the hardening of the Chinese regime under General Secretary Xi Jinping and the demonstrated aggression and repression against the people in Hong Kong, Xinjiang, and Tibet in addition to the widespread implementation of surveillance technologies and practices on the Chinese people. Thus, restricting the implicated firms and technologies is a prudent response from a nation that wants to protect the privacy, sovereignty, and security of its people and assets. This is hardly a new concept; NATO has never purchased Chinese fighter jets or Russian submarines or Huawei telecom equipment. It follows that in a world with a new threat landscape, policymakers need to review and update the standards for telecom network equipment.

Consumer choice

Consumers are increasingly savvy and concerned about the privacy and security of their data; moreover, they expect their suppliers to demonstrate ethical behavior and good governance. Telecom operators and governments are well aware of this, but they have responded differently. There are three categories of response: some recognize the threat and remove vulnerable elements like Huawei and ZTE from their networks; others which recognize that Huawei and ZTE are problematic but believe that the risk can be managed; and finally, those which do not believe there is a problem and continue to use Huawei and ZTE. For the customers of the networks in the last two categories, they cannot exercise their right to limit their exposure to Huawei and ZTE unless (1) there is transparency of the elements and (2) there is a safe network alternative.

Indeed, private and corporate customers increasingly demand that telecom operators improve the security of networks. They want to limit if not eliminate the risk of theft, espionage, surveillance, sabotage, and other compromises of their information. As such, many operators choose not to renew their Huawei and ZTE contracts, or they launch a rip and replace effort to upgrade networks with secure equipment.

Consider Belgium, the headquarters of the European Union, NATO, and many firms in the defense, pharmaceutical, and other advanced technology industries. Until now, like Germany still, it was impossible to choose a telecom operator who had no exposure to Huawei or ZTE. Fortunately, in late 2020 Proximus and Orange moved to upgrade their networks with secure, non-Chinese equipment. This is not just an issue for Brussels or big cities; consider Puurs, Belgium, the European epicenter for the COVID19 vaccine. Pfizer and BioNTech will likely demand additional measures to secure their networks, as China’s state-sponsored hackers have targeted vaccine-related information.

What the future looks like for the telecommunications industry – just ask the banks.

To see the future of the telecom industry, look at what happened with banking. European banks have been required to implement Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT). About 10 percent of European banks’ employees are today working with compliance. Telecom authorities, defense officials, and other policymakers will likely see cybersecurity as vital for Europe and telecom infrastructure as critically important. So just as the banks have been put under a heavy regulatory regime to address corruption, the industry will be required to implement deterrence of cyberattacks.

In practical terms, the authorities in the E.U. and each nation-state will likely make some demands that challenge the network paradigm that telecommunications companies operate today. The rules will likely be so rigid that they will effectively eliminate Huawei and other Chinese companies from being vendors without making explicit bans. However, it will not be governments alone driving the charge. Corporate customers of telecom networks, companies that have experienced hacking, IP theft, or espionage, will also join the effort.

National telecom regulatory authorities in Europe publish information about the telecom industry including the number of customers, mobile coverage, percentage of landline infrastructure, speed, pricing, and other obligations such as anti-discrimination/net neutrality. This information is likely to expand to the resilience of networks. In the long term, the E.U. will find ways to assess the security of each operator’s network. Just as speed data is published today, safety and security data will be published in the future, e.g., number of data breaches, etc. In this way, security could become a competitive parameter like price, mobile coverage, speed, etc. Indeed, it could become a marketing point for operators to say that the network was free of malicious vendors.

Financial executives have been forced to manage their business and achieve profitability with a heavy layer of AML and CFT regulation. Telecom CEOs will likely experience this new reality when it comes to cybersecurity.

What telecommunications companies can do

The telecom industry has two choices: they can invent their process to certify network security, or they can wait for the government to impose rules. The industry should do something very quickly. There is a need to acknowledge cyber threats, and as an industry, be more visible to propose solutions and demonstrate mastery over the challenge.

Some CEOs do not want to take on the cost or effort to secure their networks from risky vendors; they claim their customers will not tolerate price increases. However, what does it say about the CEO who does not think his customers’ security is worth paying for?

The telecom industry should be forthright with customers and shareholders about cybersecurity costs. Customers expect secure communication and are willing to pay for it. If a company is not proactive about planning for cybersecurity costs, it is likely to end up paying more to respond to an attack, and, given the time lost implementing a solution it should have adopted from the start, it will experience lower profitability. This is what the banks experienced when it came to fighting money laundering and terrorist financing. The companies that waited to act ended up paying more. Companies should start the dialogue today and be transparent about the cybersecurity challenge.

As the issue evolves, national security leaders and cybersecurity experts are likely to get greater visibility. They are some of the voices which bring credibility and urgency to the discussion and the need for mitigating measures.

Telecom operators need to lead in the cybersecurity challenge and be prepared with a strategy and solutions for 4G, 5G, and the IoT when it is not human users online but billions of devices.

The discussion is greater than any one country or company, and indeed Chinese tech threats are more than just Huawei. However, failing to secure networks from Huawei equipment would be like NATO buying Chinese fighter planes. NATO prohibits procurement from many countries; the question then is, if a fighter plane is critical infrastructure, why is the same standard not applied to telecommunications networks?

We have come a long way since Bell and Marconi. Telecommunication is the foundation of the connected world. If telecommunications infrastructure breaks down, it will have major, reverberating consequences.

In 2019, 5G became a mainstream topic and rebooted the discussion of the value that telecommunications brings to society including innovation, security, and inclusion. Consider the many transformations that the industry has delivered from the invention of the telephone. Today the digital world, including its businesses, the communications of individuals, and the operation of the public sector is predicated on the advanced infrastructure that the telecom industry provides.

Today, policymakers in the U.S. and E.U. have a lot of focus on communications network equipment from Chinese vendors. Going forward, while the media has largely focused on Huawei, the discussion should be broadened to the many companies that are owned or affiliated with the Chinese government including but not limited to TikTok, Lexmark, Lenovo, TCL, and so on.

John Strand has a background in Sales and Marketing in the IT and Publishing Sector and has been consulting on strategies, sales, and marketing since 1989. In 1995 John founded Strand Consulting, focused solely on the telecom sector, analyzing markets and market trends, publishing reports, and holding executive workshops that have helped mobile operators, mobile services providers, etc. all over the world focus on their business strategies and maximizing the return on their investments. John is one of the best-known consultants in the business. Being honest – and giving his honest opinion on current issues in the telecom industry – has become John’s trademark, even when it means being controversial or treading on a toe or two…

To contact John Strand, email: [email protected]

It’s the Russians, Stupid

By Ernest Worthman, Executive Editor, AWT magazine, Senior Member, IEEE

Ern’s Perspective

As I alluded to in my last column, I will be doing a deeper dive on the recent emergence of the technology attacks Russia has been perpetrating on our country.

As most of us are now aware there has been a major infiltration, by Russia, into our country’s technology infrastructures. What many do not know is that this has been going on since early this year. And, for most of us, our awareness of it has only been recent, as well.

Here’s the story in a nutshell. A vulnerability in the SolarWinds software (guess what… a backdoor) was exploited. This was the attack surface the Russians went after – and they were successful.

They managed to hack a company called FireEye, whose website states, “FireEye knows more about cybersecurity than anyone.” Well, considering what just happened, that is a bit concerning. And, FYI, FireEye’s senior management is now being investigated by an international securities law firm for breaching their fiduciary duties. I would have to imagine other inquiries are on the horizon for them, as well.

One must wonder how this was allowed to happen. My sources tell me that originally FireEye was targeted using compromised SolarWinds software. Once they were breached, they had a host of company tools used to mimic cyberattacks. How that would ever be breachable is beyond me even if the overall code was compromised.

The attackers got to it by tampering with software updates to SolarWinds software. Again, how could SolarWinds not know someone was tampering with its code? In reality, the software had been compromised as early as March of this year. The software is SolarWinds Orion, which is an IT monitoring software package – talk about the perfect target.

Once the hackers gained access they started to monitor emails from persons working in the Department of the Treasury, Department of Homeland Security, and the Pentagon (and others). This went on for months. Once they got into the systems, they hacked their way past the multi-factor authentication system that protects users’ inboxes. This was no easy feat either, so it tells you just how sophisticated this hacker network is.

Eventually, the attackers went ballistic and wormed their way through the digital ecosystem affecting lots of companies and organizations.

The “holy cow” is that any company using Orion was a candidate for hacking. In fact, by some estimates, as many as 180,000 companies and government organizations using SolarWinds software have been affected. How many have actually seen damage is still undetermined. Microsoft is one of them, as well as other Fortune 500 companies, the IRS, and the National Nuclear Security Administration, which maintains our nuclear stockpile. It is also possible that collateral damage has occurred to other organizations through vulnerable software linked to SolarWinds. As well, a report from Qualys Security Advisors noted that there may well be millions of devices, globally, that have been exposed to vulnerabilities used in the stolen FireEye Red Team tools and Orion.

And, even more interesting is that there have been patches available for quite some time from Microsoft. This tells me that even the most astute are not taking security as seriously as they should. While the fix is relatively simple, the damage is to systems that did not apply the patches judiciously.

While the actual perpetrators may never be known, it is suspected that the attack is likely the work of APT29 (Cozy Bear). They are supposedly state-sponsored hackers affiliated with Russia’s SVR Foreign Intelligence Service.

This has been in the works for some time, according to several cybersecurity experts. The attackers obviously have some world-class capabilities and have been eyeing (pun intended) specifically FireEye for their initial attack. There is no doubt that this was extremely well thought out and executed.

Cozy Bear is highly trained in operational security and able to use discipline and focus, as well as patience. Some of the techniques included methods that counter security tools and forensic examination. FireEye officials said they have never seen this kind of sophistication.

We seem to have forgotten that the Russians have a highly developed technology ecosystem focused on hacking. They have been banging on our infrastructures and platforms for as long as I can remember. So, this should not be a surprise. What should be a surprise is how long this has been going on. And, sadly, while this past administration has been so horse-blinded to everything except beating up on China, Russia has been quietly honing its malfeasance capabilities.

While it may not be realistic to lay all the blame on this past administration, common sense tells me that the cozy relationship between Trump and Putin allowed the Russians to plod along, merrily, pretty much unchallenged by the United States.

Of course, Russia has denied the allegations. TASS, Russia’s official news agency, released this about the attack: “We declare, responsibly, that malicious activities in the information space contradict the principles of the Russian foreign policy, national interests and our understanding of interstate relations. Russia does not conduct offensive operations in the cyber domain,” the Russian embassy said on Facebook.

How many of such attacks can be prevented is unknown. And, the ramifications of this, going forward, are yet to be determined.

What is known, however, is that as much as everyone in the cybersecurity landscape harps on the importance of security priorities, we still do not seem to want to bite the bullet and go for 100 percent. Until we do, we will continue to do damage control instead of damage prevention.