It has been reported that tens of thousands of US-based organisations are running Microsoft Exchange servers that have been backdoored by threat actors who are stealing administrator passwords and exploiting critical vulnerabilities in the email and calendaring application. KrebsOnSecurity was the first to report the mass hack. Citing multiple unnamed people, reporter Brian Krebs put the number of compromised US organisations at at least 30,000. Worldwide, Krebs said there were at least 100,000 hacked organisations.
Make no mistake, the Exchange Server cyber attack is a cold and calculated assault. The Chinese know exactly what they are doing and they are testing the resolve and resiliency of the Biden administration. In the early days of this new administration, they have their hands full investigating the Russians responsible for carrying out the SolarWinds breach. We are all waiting for their response on that, and you have to wonder when it will come in light of this new devastating attack.
SolarWinds had crippling effects on hundreds of businesses and nearly a dozen U.S. government agencies. Yet it's safe to say the Exchange Server breach is 1,000 times more crippling because the Chinese attacked small and medium-sized businesses, the lifeblood of the U.S. and global economy. There could be hundreds of thousands of businesses crippled. As if the devastating effects of COVID-19 aren't enough for small businesses, municipalities and other organisations that were forced to either close or downsize their staff over the past year, they are now taking another collective punch to the midsection.
Russia, China, North Korea and Iran make up the axis of cyber evil, and their well-trained and highly skilled teams are cold-blooded, have no conscience and have a singular goal of seeing the United States and Europe suffer and scramble. Why else would they constantly attack hospitals, research companies and the vaccine supply chain? They do it because they can and because they are ruthless profiteers. In the bigger picture, when Microsoft is in trouble, the global economy and our wellbeing are in trouble. Microsoft is #21 on the Fortune 500 and its products are used in every corner of the world.
Immediately, the United States and other countries, at the state and national level, need to be threat hunting around the clock in their networks. There is power in an approach of many: sharing intelligence, sharing the locations where the cyber criminals operate, rousting them out of their offices and putting their names on the front pages of every news outlet in the world is a start to putting defenders on higher ground above threat actors. In addition, an operation-centric approach to fighting cybercrime is needed so that defenders see every aspect of the threat actors' malicious operation, which lets them better digest disparate pieces of information, pinpoint the malicious behaviour and stop it before it has material impact.
