Thursday, December 17, 2020

U.S. scrambles to assess damage from nation-state cyberattack

U.S. government officials warned that the cyberattack identified earlier this week has compromised dozens of federal government networks and likely thousands of private networks globally.

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) announced a Cyber Unified Coordination Group (UCG) to coordinate a whole-of-government response to the infiltration of U.S. government networks arising from the SolarWinds backdoor hack.

CISA issued an Emergency Directive instructing federal civilian agencies to immediately disconnect or power down affected SolarWinds Orion products from their network.

CISA said the infiltration "poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations."

Some notes from CISA about the attack:

  • Compromises began at least as early as March 2020.
  • This is a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks.
  • The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged.
  • Not all organizations that have the backdoor delivered through SolarWinds Orion have been targeted by the adversary with follow-on actions.
  • Organizations with suspected compromises need to be highly conscious of operational security, including when engaging in incident response activities and planning and implementing remediation plans. 
  • The adversary is making extensive use of obfuscation to hide their C2 communications. 
  • CISA has observed the threat actor adding authentication tokens and credentials to highly privileged Active Directory domain accounts as a persistence and escalation mechanism. In many instances, the tokens enable access to both on-premise and hosted resources.

Some recommendations from CISA:

  • Out-of-band communications guidance for staff and leadership;
  • An outline of what “normal business” is acceptable to be conducted on the suspect network;
  • A call tree for critical contacts and decision making; and
  • Considerations for external communications to stakeholders and media.

https://www.cisa.gov/ 

https://us-cert.cisa.gov/ncas/alerts/aa20-352a

Microsoft President Brad Smith stated "this latest cyber-assault is effectively an attack on the United States and its government and other critical institutions, including security firms." 

Microsoft also noted that the initial list of victims includes not only government agencies, but security and other technology firms as well as non-governmental organizations.

https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/




  • On December 13, FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware. The attacker is using multiple techniques to evade detection and obscure their activity, which includes espionage and data theft. FireEye has released signatures to detect this threat actor and supply chain attack in the wild. 
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

Linux Foundation marks first release of DENT Network OS

The Linux Foundation announced the first code release of DENT, a Network Operating System (NOS) for Disaggregated Network Switches in campus and remote enterprise locations. The project aims to address the specific needs of distributed enterprise edge networking, such as a simplified networking OS stack that is low cost and Linux-based. DENT enables an open community to build this solution without complicated abstractions. It also promises to treat ASICs and switching silicon as any other hardware.

Initial supporters of DENT include Innovium, Arcadyan, Aviz Networks, Alpha Networks, Amazon, Delta Electronics, Marvell, NVIDIA, Edgecore Networks, and Wistron NeWeb (WNC).

The Arthur release – aptly named after Arthur Dent, the protagonist of Hitchhiker’s Guide to the Galaxy – uses the recently released Linux 5.6 Kernel and leverages SwitchDev to simplify integrations, eliminate complex abstractions and SDK change management, and support existing Linux tool chains.

“With the Arthur release, we’re witnessing the makings of an open network operating system, control plane and management plane that will transform how enterprises address their distributed edge challenges,” said Arpit Joshipura, general manager, Networking, Edge and IoT, at The Linux Foundation. “The DENT community has grown quickly and executed on this first major code release at a time when the entire industry is rethinking the future of retail and campus environments.”

https://dent.dev/

Intel and Samsung achieve 5G SA Core capacity of 305 Gbps / server

Samsung and Intel achieved a record 5G SA Core data processing capacity of 305 Gbps per server – equivalent to hosting more than 200,000 users simultaneously live-streaming standard definition videos – as well as latency improvement in a mobile network environment with commercial features enabled. 

To achieve this result, Samsung’s 5G SA Core used the 2nd generation Intel Xeon Scalable processor and the Intel Ethernet Network Adapter E810 with Enhanced Dynamic Device Personalization (DDP). The companies said the Intel Ethernet Network Adapter E810 with Enhanced DDP is capable of optimizing data distribution and transmission functions across the network adapter and the CPU cores, resulting in higher performance. Samsung and Intel were able to implement a simplified system configuration and boost packet processing and overall network performance.

“Through close collaboration with Intel, we were able to achieve an industry-leading performance with our 5G SA Core,” said Sohyong Chong, Senior Vice President and Head of Core Software R&D, Networks Business at Samsung Electronics. “Samsung’s cloud-native 5G SA Core, through its highly flexible and scalable design, will enable our customers to launch 5G services more swiftly and cost-effectively.”

“The transition to 5G Standalone Core is essential to achieve the full potential of 5G,” said Alex Quach, Vice President and General Manager, Wireline and Core Network Division, Intel Corporation. “This milestone achieved with Samsung is a verification of how strong industry collaboration and the use of innovative technologies can enhance performance to accelerate this transition and pave the way to new network and edge services.”

https://news.samsung.com/us/samsung-achieves-305gbps-5g-sa-core/

T-Mobile rolls out Location-Based Routing and Next Gen 911

T-Mobile US is rolling out Location-Based Routing and Next Generation 911 connectivity over IP – two critical advancements for pinpointing the location of callers, reducing the need for call transfers, and enabling a more efficient and effective 911 communication system.


Location-Based Routing (LBR) significantly cuts the need for 911 call transfers by leveraging low-latency device-based location technology that allows the network to connect more 911 callers directly to the appropriate 911 call center. T-Mobile says some areas with LBR enabled have experienced up to 40 percent fewer call transfers. LBR is currently enabled in parts of Texas and Washington State, and T-Mobile is working with 911 authorities to expand the capability nationwide.

Next Generation 911 (NG911) transitions 911 to an all-IP-based system. This is expected to improve the system’s ability to manage call overload, natural disaster response, and interoperability between jurisdictions. NG911 also paves the way for future forms of communications. Alert systems like crash detection will become more effective, sending notifications and actionable data directly to 911 dispatchers instead of third parties. T-Mobile has established some level of NG911 connectivity in all or part of Delaware, Massachusetts, Michigan, New Hampshire, North Carolina, Pennsylvania, South Carolina, Virginia, and Washington state, with plans to expand both NG911 connectivity and capability nationwide as public safety networks are ready.

“As the Un-carrier we innovate and push the wireless industry forward with technology firsts like this for the sake of consumers everywhere. Nowhere is that more important than driving improvements in public safety,” said Neville Ray, President of Technology at T-Mobile.


T-Systems enters strategic collaboration agreement with AWS

T-Systems and Amazon Web Services (AWS) announced a multi-year Strategic Collaboration Agreement to manage the digital transformation of companies more quickly, efficiently and securely. 

T-Systems said the agreement will spur it to build out capacity in both solutions and people through a strong training and enablement program. The ICT service provider intends to train 3,000 additional AWS experts as part of the new collaboration.

Regarding security, AWS and T-Systems agreed to closely collaborate to achieve the targets recently set by the European regulation.

“Since the beginning of our relationship with AWS, we have built up expertise in AWS technology and combined it with our extensive experience from major transformation projects. Our customers appreciate this,” explained Adel Al-Saleh, member of the Deutsche Telekom Board of Management and CEO T-Systems.

https://www.t-systems.com/us/en/about-t-systems/news/t-systems-and-aws-expand-collaboration-365120

Deutsche Telekom aligns with Microsoft Azure

Deutsche Telekom and Microsoft announced a seven-year strategic agreement to help customers of all sizes accelerate their cloud transformation initiatives. 

"We have agreed on the framework for joint strategic growth with our long-term partner Microsoft. We are delighted," said Adel Al-Saleh, member of the Deutsche Telekom Board of Management and CEO of T-Systems. "This partnership will enable us to enhance services for our customers. We will also be supporting each other with digitalization and network build-out." 

Highlights

  • Telekom plans to migrate the majority of its internal IT workloads to the public cloud by 2025 and Azure is a central part of that strategy. Through a companywide training program, thousands of Telekom employees will learn how to maximize the benefits of Azure. 
  • Telekom will also offer its customers direct access to the Microsoft cloud through Azure ExpressRoute. 
  • Telekom will offer Microsoft 365, including Microsoft Teams. As part of this, the companies have started a project for German schools to reimagine traditional approaches to education, enabling remote learning through cloud-based IT infrastructure, modern devices and the cloud productivity and collaboration applications within Microsoft 365. 
  • Telekom will help its customers move their SAP environments to Azure. SAP solutions on Azure offer enterprise-grade security and business continuity and reduce hardware expenses, making it easier for start-ups and smaller organizations to get started.

Singapore's StarHub leverages ADVA’s Layer 1 encryption

StarHub is using ADVA's FSP 3000 ConnectGuard Optical Layer 1 encryption technology to power a fully managed service that enables local enterprises, government agencies and multinational corporations to harness telco-grade encrypted connectivity for their users and systems across multiple locations.

The StarHub SDS Secured Service delivers highly-reliable and robustly protected enterprise connectivity on protocols including Ethernet, Fibre Channel and Synchronous Digital Hierarchy (SDH), and with a choice of speeds ranging from 1Gbit/s to 100Gbit/s. Physical layer encryption throughout the network ensures all customer data has the most rigorous defense available. Key security features for customers include protocol-agnostic hardware-based encryption with the lowest latency possible and 100% throughput. Security is also enhanced through simple certificate enrolment protocol-based automation and manual operations, as well as a strictly separated encryption domain manager. What’s more, the solution features automated procedures for authentication, services creation and regular key generation. As the only technology of its kind cleared to transport NATO-restricted data, the ADVA FSP 3000 ConnectGuard Optical encryption solution meets the most stringent international standards and regulatory requirements.

“We’re excited to be StarHub’s technology partner as it takes this key step. The StarHub SDS Secured Service offers a major boost to the business community in Singapore, providing the protection as well as the speed and guaranteed uptime needed for the most sensitive and critical data transport,” commented Erik Lindberg, VP, sales, APAC, ADVA.


SPIE 2021 Photonics West will be virtual, March 6-11

SPIE Photonics West, which normally convenes in San Francisco, will be held as an interactive, virtual conference 6-11 March 2021.


“The SPIE Digital Forum platform was developed to help people share results and make connections during the pandemic, and we’ve continued to fine-tune our virtual platform and digital offerings throughout this year,” says SPIE CEO Kent Rochford. “We’ll be implementing the latest improvements during Photonics West and are excited to release them to our attendees, presenters, and exhibitors. These forums, as always, ensure the professional discussion, innovation sharing, and networking opportunities that the SPIE community values and relies on to advance its research, product development, and engineering collaborations.”

"It's been a challenging year for our entire community, and I know that I am not alone in my desire to meet in person to exchange ideas, research, technological advances, and new products," says 2020 SPIE President John Greivenkamp. "We are hopeful of being able to gather in person later in 2021. In the meantime, I invite you to join us online at one or more of these dynamic conferences and look forward to seeing you there."

Molex acquires Fiberguide Industries

Molex has acquired Fiberguide Industries, a manufacturer of customized optical fiber solutions based in Caldwell, Idaho. Financial terms were not disclosed.

Molex said Fiberguide will help it address the stringent needs of medical applications, including high-power laser surgery, DNA sequencing and flow cytometry. Both Molex and Fiberguide bring extensive expertise in optical fibers, analytical probes and fully packaged assemblies to support increasing demands for minimally invasive medical procedures. Additionally, a complementary portfolio of design capabilities provides customer-centric solutions for industrial monitoring and sensing as well as datacom applications that require reliable performance in extremely harsh environments.


Fiberguide will join Molex's Polymicro business, a Phoenix-based provider of specialty optical fiber and fluidic-based products tailored for medical, industrial and datacom applications.

"Today, Molex is setting a new standard of excellence in the industry while fulfilling our vision of becoming the leading provider of specialty optical fiber products," said Jim Clarkin, GM of Polymicro. "Our combined capabilities give global customers a full array of products and complete solutions to meet emerging requirements for innovative laser-based optical systems."

  • Polymicro was acquired by Molex in 2007. 

RIP: Norman Abramson, co-founder of ALOHAnet

Norman Abramson, one of the founders of the ALOHAnet, passed away on December 1, 2020, at the age of 88.

In 1971, Abramson, who was a professor of electrical engineering at the University of Hawaiʻi at Mānoa, teamed up with faculty member Franklin Kuo, other colleagues and graduate students to launch ALOHAnet, the first wireless packet data network. ALOHAnet pioneered the use of medium access (ALOHA random access) and experimental ultra high frequency (UHF) for its operation. The concept of random access, allowing clients to transmit data when ready and allowing for packet collisions, was later adopted as the basis of Ethernet.