Austin, Texas DPS Victims Of Suspected Russian Data Breach

The city of Austin and the state of Texas are both victims of a massive breach in state and federal computer networks by purported Russian intelligence agencies, according to confirmed reports.

Executives from the city of Austin say they are following measures recommended by the Cybersecurity and Infrastructure Security Agency (CISA) and FBI.

Austin councilmembers on December 8 awarded a contract for citywide cyber liability insurance for up to $2.43 million to Alliant Insurance Services, Inc.

According to the solicitation documents issued in February 2020, the city was seeking insurance agents and brokers experienced and qualified to provide cyber liability consulting services and placement of comprehensive cyber liability insurance coverage for large public entities.

CISA issued an emergency directive on December 13 after it was discovered that hackers had gained access to multiple computer networks via SolarWinds’ Orion products. SolarWinds Corporation is headquartered in Austin.

Officials at the Texas Department of Public Safety (DPS) did not confirm if the agency had been breached, but they referred inquiries to FBI Special Agent Michelle Lee in the bureau’s San Antonio office.

On its website, SolarWinds stated that it believes “the vulnerability was inserted into its Orion platform products and it existed in updates released to customers between March and June 2020.”

The breach to SolarWinds permitted attackers to gain access to an estimated 17,000 network traffic management systems out of the company’s 33,000 Orion customers.

The Multi-State Information Sharing and Analysis Center reported that multiple vulnerabilities have been discovered in SolarWinds N-Central. Two of these vulnerabilities, when used in conjunction with each other, could allow for remote code execution.

SolarWinds N-Central is a remote monitoring and management automation platform for managed service providers and IT professionals.

Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

This story originally published by Strategic Partnerships.