The Microsoft Exchange hack shows attackers are working ‘smarter, not harder,’ experts say

Microsoft announced a hack in its Exchange email servers on March 3.

  • Security experts said the Microsoft Exchange attack means hackers are working “smarter, not harder.”
  • The recent hack has received less attention since victims were small- to mid-size organizations.
  • But the hack could be a “test run” for a larger attack, meaning Americans must pay attention.

News about a hack that impacted hundreds of thousands of global organizations has largely flown under the radar.

On March 3, Microsoft announced that Hafnium, a Chinese-sponsored hacker group, had exploited vulnerabilities in its Exchange email servers. Microsoft said hackers left behind “web shells,” or tools that allow bad actors to access victims’ systems remotely after initial access.

The attack impacted hundreds of thousands of organizations globally and 30,000 in the US. Experts recently told Insider’s Aaron Holmes the hack could be “1,000 times more crippling” than the widely publicized SolarWinds attack.

Cyber security experts say that although the Exchange server hack has not shocked Americans the way the SolarWinds attack did last year, citizens must pay attention because of the likely increase in hacks this year and the different ways bad actors are exploiting victims.

“This attack underscores just how vulnerable even the most secure organizations or individuals are when targeted by skilled cybercriminals,” Marcin Kleczynski, the CEO of Malwarebytes, told Insider.

Why you should care about the attack

One takeaway from the Exchange Server attack is that no one is safe from a hack.

Microsoft is an industry leader that accelerated cloud-based security efforts as offices transitioned to remote work during the pandemic. But getting hacked means companies need to develop software with security in every step, as well as have an incident response plan to patch flaws and notify users, per Jonathan Knudsen, a senior security strategist at Synopsys Software Integrity Group.

The hack also suggests cybercriminals are working “smarter, not harder,” said Kleczynski. Bad actors know IT security teams’ resources have become more stretched due to the rise in remote work, and hackers are looking to take advantage of that gap in oversight, he said.

Knudsen advises anyone responsible for a Microsoft Exchange server to patch the system and check for signs of an attack. Systems administrators also need to update servers and carefully examine systems at all times, because hackers can have access to a device for months or years before someone notices.

Kelvin Coleman, the executive director at the National Cyber Security Alliance, said security experts are still unsure of the hackers’ motivations, and whether the incident may have been a “test run” for a larger attack – which makes protecting user accounts with quality passwords and multi-factor authentication imperative.

“It can impact a lot of things if folks don’t have confidence that their information is protected and secure,” Coleman said.

How the Microsoft Exchange hack differs from other attacks

SolarWinds hackers were able to spy on federal agencies like the Department of Homeland Security and Treasury Department. Coleman said the Microsoft attack has received relatively less media attention due to the victims being small- to mid-size organizations and local governments, but that still leaves systems and personal information vulnerable.

The attack also differs from others because hackers did not need to interact with victims to get access to their information, said Ben Read, the senior manager for Cyber Espionage Analysis in FireEye’s Intelligence unit. Unlike a phishing scam, which relies on users clicking into a link with malware, the Exchange Server attack gave hackers more control.

Read said that, though this isn’t the first time this kind of attack happened, there’s been a rise in vulnerabilities in web-facing applications in the past 18 months. Analysts predict cyber attacks will dramatically increase this year as hackers exploit uncertainty around COVID-19 and take advantage of remote workers.

“The sheer number of victims makes it a big deal,” Read said in an interview with Insider. “Anyone who hasn’t taken mitigation efforts…they’re vulnerable as other groups kind of figure out how to exploit these vulnerabilities.”

Read the original article on Business Insider

These big firms and US agencies all use software from the company breached in a massive hack being blamed on Russia

  • Many companies and government agencies are clients of SolarWinds, the software company that suffered a massive, months-long hack made public on Sunday.
  • SolarWinds says it has more than 300,000 clients, including US government agencies and the vast majority of Fortune 500 companies.
  • It is unclear how many of them are using the software that was attacked. SolarWinds did not immediately respond to Business Insider’s request for comment.
  • Scroll down for a list of the most significant SolarWinds clients.

Thousands of international companies and numerous US government agencies, from the Department of Homeland Security to the State Department, are clients of the company whose software was breached in a massive hack.

SolarWinds announced a “highly sophisticated” attack on its Orion software on Sunday. Cybersecurity company FireEye said Sunday it was tracking the attack, saying that it began earlier in 2020 and may have left some systems compromised for months.

The Trump administration admitted that hackers had gained access to a number of key government networks including the Treasury and the Commerce Department, The New York Times reported.

By Monday evening, the State Department, the National Institutes of Health, and the Department of Homeland Security were also confirmed as victims of the hack, according to The Washington Post.

DHS’s Cybersecurity and Infrastructure Security Agency, whose director was recently fired by outgoing President Donald Trump for confirming the integrity of the 2020 election, issued an emergency directive calling on “all federal civilian agencies to review their networks for indicators of compromise.”

“The compromise of SolarWinds’ Orion Network Management Protocols poses unacceptable risks to the security of federal networks,” CISA Acting Director Brandon Wales said.

According to FireEye – which was itself hacked – the attackers gained access via the update server of a monitoring and management software made by SolarWinds called Orion IT.

The attack was “likely conducted by an outside nation state,” SolarWinds said. People familiar with the matter told Reuters that they believe the hack is Russian in origin.

The Russian Embassy in Washington, DC, denied responsibility.

It is unclear which companies and agencies are using the specific software that was affected, and if so, whether they have been targeted. SolarWinds did not immediately respond to Business Insider’s queries. 

FireEye said Sunday that the hack was “widespread, affecting public and private organizations around the world.”

Here is a list of the biggest agencies and companies that SolarWinds lists on its site as clients:

US agencies

  • The Office of the President of the United States
  • The Secret Service
  • The Department of Defense
  • The US Army, Marine Corps, Navy, Air Force, and Coast Guard
  • The State Department
  • The Federal Reserve
  • NASA
  • The NSA
  • The CDC
  • The Department of Justice
  • The National Institutes of Health
  • The Department of Homeland Security

Major companies

  • Microsoft
  • Credit Suisse
  • Ford
  • Visa
  • Mastercard
  • AT&T
  • Procter & Gamble
  • PwC
  • Best Western
  • Lockheed Martin
  • Boston Consulting Group
  • CBS
  • Time Warner
  • Cisco
  • McDonald’s
  • Comcast
  • Ernst & Young
  • The Gates Foundation
  • Gillette
  • Blue Cross Blue Shield
  • Harvard
  • Sprint
  • Hertz
  • Volvo
  • Kodak
  • Nestlé
  • The New York Times
  • San Francisco Intl. Airport
  • Yahoo!

(Note: The full list of SolarWinds clients is larger)

FireEye stock tumbles 11% after the cybersecurity group reveals hackers breached its defenses and stole diagnostic tools

  • FireEye stock slumped as much as 11% on Wednesday, wiping $400 million off the cybersecurity group’s market capitalization.
  • The company revealed on Tuesday that hackers recently breached its defenses and stole tools it uses to test customers’ protections.
  • “We were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack,” FireEye CEO Kevin Mandia said in a blog post.
  • FireEye is working with the FBI, Microsoft, and other partners to investigate the theft, and has developed and shared more than 300 countermeasures to the stolen diagnostic tools.

FireEye shares tumbled as much as 11% on Wednesday, slashing the cybersecurity group’s market capitalization by up to $400 million. The selloff was sparked by FireEye’s disclosure that ostensibly state-sponsored hackers recently broke through its defenses and stole security-testing tools.

“We were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack,” FireEye CEO Kevin Mandia said in a blog post on Tuesday after the market close.

The hackers appeared to be “highly trained,” displayed “top-tier offensive capabilities,” and employed a “novel combination of techniques” to break through FireEye’s digital fortifications and access its Red Team tools, which mimic cyber attacks to pinpoint weaknesses in its customers’ protections.

FireEye has roped in the FBI and partners such as Microsoft to help it investigate the incident, Mandia said. It has also developed and shared more than 300 countermeasures in case the thieves deploy its diagnostic tools in the coming weeks.

The stock-price drop likely reflects concerns that FireEye’s customers will be less trusting of the company’s ability to ward off attacks if its own systems can be breached. Investors may also be worried that FireEye’s tools could be blamed for future cyberattacks, or the company could fall victim to further attacks.

The cybersecurity group’s profile has grown in recent years, as it has helped companies such as Sony and Equifax deal with high-profile attacks. It was also called in when Russian hackers broke into US government systems in 2015.
