Microsoft hack escalates as criminal groups rush to exploit flaws

What began as a secret Chinese espionage campaign targeting “specific individuals” through a flaw in Microsoft’s email software has escalated into a devastating global hack that has claimed tens of thousands of corporate and public sector victims.

The US Cybersecurity and Infrastructure Security Agency issued an alert on Twitter late Monday, urging “all organizations in all sectors to follow guidance and address widespread domestic and international abuse” following the disclosure a week ago.

In its announcement last Tuesday, Microsoft accused a Chinese state-sponsored hacking group known as Hafnium of conducting a stealth attack, saying it began breaking into selected targeted email servers earlier this year, and issued a fix for the bug.

But experts say that since attention was drawn to the flaws, there has been a flood of attacks by multiple hacking groups, including criminal groups, rushing to compromise victims before they protect their systems.

The European Banking Authority this week became the first notable institution to say publicly that it had been compromised. It is unlikely to be the last.

“All victims who may not have applied the patch between the middle and the end of last week have already been attacked by at least one or a few attackers,” said Dmitri Alperovitch, co-founder of the security group CrowdStrike, who currently runs the Silverado Policy Accelerator think tank.

“As these exploits propagate to the criminal element, this issue will be a crisis for organizations with the fewest resources,” John Hultquist, vice president of Mandiant Threat Intelligence at FireEye, warned on Twitter.

Raised concern

The concerns arise because businesses and government agencies are already under threat from a Russian espionage campaign, in which perpetrators hijacked ubiquitous IT software products to access thousands of victims’ systems.

In the vast SolarWinds hack, which affected organizations such as the US Department of Commerce and the Treasury, hackers lurked deep in systems for over a year, in what some experts cast as a typical intelligence-gathering activity.

At first, the Microsoft hack seemed to be stealthy as well. Sean Koessel, vice president of professional services at Volexity, a cybersecurity group that helped identify the vulnerabilities at Microsoft, said hackers were discovered targeting “very specific individuals” from NGOs and think tanks in early January.

“They were able to come in at will and steal email very selectively … It wasn’t like smash and grab,” he said.

However, on the last weekend of February, either Hafnium or another group rapidly escalated the attack. After Microsoft disclosed the vulnerability, a third wave of even bigger attacks arrived as other criminal groups jumped to exploit the flaw. “Everything broke,” Koessel said.

For the second time in less than four months, the world’s public and private sectors were left scrambling to confirm whether they had been hit and, if so, what damage was done. Experts say that if a hacker has established a foothold in a system, it needs to be carefully eliminated.

“The incident response team is burned out [and] this is a really bad time,” Chris Krebs, former CISA chief during the Trump administration, wrote on Twitter, describing the attack as “genuine.”

Meanwhile, estimates of the number of victims continue to change. Experienced cybersecurity researcher Brian Krebs claimed that at least 30,000 organizations “including a significant number of small businesses, towns, cities, and local governments” were hacked in the days following Microsoft’s disclosure. Other estimates put the number of victims as high as 250,000.

Huntress, a cybersecurity group focused on small businesses, said it had found more than 350 breached victims among its “non-sexy” small and medium-sized enterprise customers, such as small hotels, ice cream companies, kitchen equipment makers, and multiple seniors communities.

Last week, a series of increasingly desperate announcements from US authorities urged immediate action from organizations. On Friday, CISA held a phone call, first reported by The Wall Street Journal, urging more than 4,000 critical infrastructure groups, both private and government, to patch their systems.

White House spokesperson Jen Psaki said Friday that the “aggressive hack” had “many victims.”

“Microsoft has nation-state resources.”

China has long been one of the most active countries in conducting cyber warfare against the United States. For example, a hack of the government’s human resources department, discovered in 2015, succeeded in obtaining sensitive data about millions of civil servants.

Theresa Payton, a former White House chief information officer and chief executive officer of cybersecurity consultancy Fortalice Solutions, said the first wave of targeted attacks was probably a classic Chinese “industrial espionage” campaign.

The hackers may have been looking for R&D information about coronavirus vaccines, or indications of US trade policy on intellectual property related to Big Tech or China, she said.

She and other experts suggest that China, even if through a separate group of hackers from the more careful Hafnium, may be responsible for some of the rash of less discriminate attacks.

“There are still [Chinese state-backed hacking] units that ... It’s like a Hoover vacuuming all the sand on the beach, bringing it to the back office and sieving it, looking for jewelry,” she said.

Experts warned that the onslaught by criminal hacking groups could mean that victims would soon be hit by ransomware attacks, in which attackers seize a victim’s data and release it only when payment is received.

The attack puts pressure on President Joe Biden to take a more aggressive stance against China at a time when his government is already exploring penalties, including sanctions, against Russia for the SolarWinds hack.

“In my view, this deserves an important response by the Biden administration,” Alperovitch said.

The hack also marked a second embarrassment for Microsoft, after it became clear that weaknesses in its systems played a role in facilitating some of the SolarWinds breaches.

“Microsoft has nation-state resources,” said Ron Gula, a co-founder of Tenable and a former NSA staffer who invests in cybersecurity groups. “On the other hand, they are very big. There is a lot of complexity in what they are doing.”

Koessel said: “It’s the nature of software and things will be overlooked.”

Additional reporting by Kiran Stacey in Washington


© Financial Times
