SolarWinds hackers could have been waylaid by simple countermeasure, officials say

According to a letter sent earlier this month by the Department of Homeland Security’s digital defense arm, following a decade-old security recommendation could have helped thwart the Russian hackers who ran amok across federal government networks last year.

The Cybersecurity and Infrastructure Security Agency (CISA) acknowledges that basic digital security measures can help defeat or at least mitigate the impact of even the most severe breaches, as the US prepares to pour billions of dollars into bolstering its cybersecurity following a series of dramatic intrusions by foreign hackers.

CISA wrote to Senator Ron Wyden about a massive espionage operation that used software from Texas-based SolarWinds Corp SWI.N to infiltrate nine government departments, a months-long operation that resulted in the theft of thousands of U.S. officials’ emails and has already cost hundreds of millions of dollars in cleanup costs.

The hackers, who are thought to be Russian operatives, were able to pull off the intelligence coup by subverting SolarWinds’ widely used network monitoring program and using it to plant malicious software on thousands of clients’ servers, eventually narrowing the list down to a smaller number of victims for in-depth exploitation.

CISA said that had those victims configured their firewalls so that they blocked all outbound connections from the servers running SolarWinds, it “would have neutralized the malware.”

The agency said that several targets who did set up their firewalls that way “successfully blocked connection attempts” and had no “follow-on exploitation.”
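The countermeasure CISA describes is default-deny egress filtering on the host running the monitoring server. The script below is an added example, not code from the article, CISA or SolarWinds: it sets the Windows Firewall to block all outbound connections, logs what is dropped, and re-allows only the internal polling traffic a monitoring role needs. The address ranges, resolver and database host are constructed placeholders, and the specific ports assumed for SNMP, WMI, DNS and SQL are assumptions about a typical deployment.

```powershell
# Added example (not from the article or from CISA/SolarWinds): default-deny
# outbound on a Windows host running a network monitoring server, with a
# narrow allowlist. All addresses below are constructed placeholders.
$Profiles       = 'Domain','Private','Public'
$MonitoredRange = '10.0.0.0/8'     # assumption: internal devices the server polls
$InternalDns    = '10.0.0.53'      # assumption: internal resolver
$BackendDb      = '10.0.0.20'      # assumption: backend SQL Server

# 1. Block every outbound connection by default and log the drops, so an
#    implant that tries to reach the internet shows up in the log instead.
Set-NetFirewallProfile -Profile $Profiles -DefaultOutboundAction Block `
    -LogBlocked True `
    -LogFileName '%systemroot%\system32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 32767

# 2. Re-allow only what the monitoring role needs, pinned to internal addresses.
New-NetFirewallRule -DisplayName 'Monitoring: SNMP to managed devices' `
    -Direction Outbound -Action Allow -Protocol UDP -RemotePort 161,162 `
    -RemoteAddress $MonitoredRange
New-NetFirewallRule -DisplayName 'Monitoring: ICMP to managed devices' `
    -Direction Outbound -Action Allow -Protocol ICMPv4 -RemoteAddress $MonitoredRange
New-NetFirewallRule -DisplayName 'Monitoring: WMI/RPC to Windows hosts' `
    -Direction Outbound -Action Allow -Protocol TCP -RemotePort 135,49152-65535 `
    -RemoteAddress $MonitoredRange
New-NetFirewallRule -DisplayName 'Monitoring: internal DNS' `
    -Direction Outbound -Action Allow -Protocol UDP -RemotePort 53 `
    -RemoteAddress $InternalDns
New-NetFirewallRule -DisplayName 'Monitoring: SQL backend' `
    -Direction Outbound -Action Allow -Protocol TCP -RemotePort 1433 `
    -RemoteAddress $BackendDb

# 3. Verify: every profile must report Block, and no enabled outbound Allow
#    rule (including Windows' built-in ones) may still target 'Any' remote
#    address, otherwise the default-deny is hollow.
Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Get-NetFirewallAddressFilter |
    Where-Object { $_.RemoteAddress -contains 'Any' }
```

Any rule the last command lists should be disabled or narrowed; the firewall log then becomes a detection source for outbound attempts from the server.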