Victims of Microsoft hack scramble to fix security vulnerabilities
Victims of a massive global hack of Microsoft email server software, estimated by cybersecurity workers to number in the tens of thousands, rushed Monday to shore up infected systems and reduce the likelihood of intruders stealing data or disrupting their networks.
The White House has labeled the hack an “active threat” and said senior national security officials were looking into it.
The breach was discovered in early January and attributed to Chinese cyber spies targeting US think tanks. In late February, five days before Microsoft released a patch on March 2nd, there was an explosion of infiltrations from other intruders piggybacking on the initial breach. Victims span the spectrum of organizations that run email servers, from mom and pop retailers to law firms, local governments, healthcare providers, and manufacturers.
While the hack doesn’t pose the kind of national security threat as the more sophisticated SolarWinds campaign, it can be an existential threat to victims who did not install the patch in a timely manner and now have hackers on their systems. The hack presents a new challenge for the White House, which, while preparing to respond to the SolarWinds breach, now faces a formidable and very different threat from China.
“I would say it’s a serious threat to economic security because so many small businesses can literally destroy their businesses with a targeted ransomware attack,” said Dmitri Alperovitch, former technical director of cybersecurity firm CrowdStrike.
He blames China for the global wave of infections that began on February 26, although other researchers say it’s too early to be sure. It is a mystery how these hackers got wind of the initial vulnerability, because nobody but a few researchers knew about it, Alperovitch said.
After the patch was released, a third wave of infections began, which is common in such cases because Microsoft’s dominance of the software market makes its products a single point of attack.
Cybersecurity analysts trying to put together a full picture of the hack said their analysis is in line with the 30,000 US victim figure published on Friday by cybersecurity blogger Brian Krebs. Alperovitch said estimates put the number of victims worldwide at about 250,000.
Microsoft has refused to say how many customers it thinks are infected.
David Kennedy, CEO of cybersecurity firm TrustedSec, said hundreds of thousands of organizations could have been vulnerable to the hack.
“Everyone that Exchange was installed on was potentially vulnerable,” he said. “It’s not every single one, but it’s a large percentage of them.”
Katie Nickels, director of intelligence at cybersecurity firm Red Canary, warned that installing patches would not be enough to protect those already infected. “If you patch today it will protect you in the future, but if the adversaries are already on your system, you have to take care of that,” she said.
A smaller number of organizations were first attacked by hackers who siphoned off data, stole credentials, or explored networks and left backdoors at universities, defense companies, law firms and infectious disease research centers, researchers said. Those Kennedy has worked with include manufacturers worried about intellectual property theft, hospitals, financial institutions, and managed service providers that host multiple corporate networks.
“On the scale from one to ten, this is a 20,” said Kennedy. “It was essentially a key to opening any company that had this Microsoft product installed.”
In response to a request for comment, the Chinese Embassy in Washington referred to statements made by State Department spokesman Wang Wenbin last week that China “firmly opposes and combats cyber-attacks and cyber-theft in all forms” and warned that the attribution of cyber attacks should be based on evidence rather than “baseless allegations.”
The hack had no impact on the Microsoft 365 cloud-based email and collaboration systems preferred by Fortune 500 companies and other organizations that can afford quality security. This underscores what some in the industry are complaining about as two classes of computers – the security “haves” and “have nots”.
Ben Read, director of analysis at Mandiant, said the cybersecurity firm has not seen anyone use the hack for financial gain, “but for people out there who are affected, time is of the essence to fix this problem.”
This is easier said than done for many victims. Many lack IT staff and cannot afford an emergency cybersecurity response – let alone the complications of the.
Fixing the problem isn’t as simple as clicking an update button on a computer screen. It requires an upgrade of an organization’s entire “Active Directory” that catalogs email users and their respective permissions.
“Shutting down your email server is not something you do lightly,” said Alperovitch, chairman of the nonprofit think tank Silverado Policy Accelerator.
Attivo Networks’ Tony Cole said the large number of potential victims creates a perfect “smoke screen” for nation-state hackers to hide a much smaller list of intended targets by tying up already overworked cybersecurity staff. “There aren’t enough incident response teams to handle all of this.”
Many experts were surprised at the speed with which groups infected server installations just prior to Microsoft’s patch release. TrustedSec’s Kennedy said it took Microsoft too long to get a patch out, even though he didn’t think it should have let people know before the patch was ready.
Steven Adair of the cybersecurity firm Volexity, who alerted Microsoft to the initial intrusion, described “indiscriminate mass exploitation” that began the weekend before the patch was released and involved groups from “many different countries, including criminal actors.”
The Cybersecurity and Infrastructure Security Agency issued an urgent alert on Wednesday, and National Security Advisor Jake Sullivan tweeted about it the following night.
However, the White House has not yet announced any concrete initiative to respond.