Microsoft Exchange Attack Proves the Need for Jurisdiction in Cyber Court, What Expert Says

Several Western countries have accused China of hacking Microsoft Exchange, which affected at least 30,000 organisations around the world, and China has since slammed claims.

Subscribe
Notify of
guest
2 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Mike Campfield
Mike Campfield , Head of EMEA Operations
InfoSec Expert
July 21, 2021 3:23 pm

<p>The latest developments in the Microsoft Exchange cyberattack shed a light on a bigger issue in cybersecurity: there is no jurisdiction in cyber court, it’s country versus country. Over the past few months, starting with the sanctions on Russia and continuing in the aftermath of the attacks on Colonial Pipeline and Kaseya, there seems to be a growing willingness among governments––including the United States––to more actively name and take action against the perpetrators of cyber attacks. Identifying the groups responsible for these damaging attacks is a critical first step to achieving accountability on a global scale, but it\’s not enough. </p>
<p>In addition to standards of conduct for nation states when it comes to cyber activity, countries around the world are going to need to start working in close partnership with the private sector to ensure that cyber attacks are accurately and reliably reported––including by implementing mandatory reporting requirements. We’re starting to see global operating rules come into play, as seen with the <a href=\"https://thehackernews.com/2021/06/ukraine-police-arrest-cyber-criminals.html\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://thehackernews.com/2021/06/ukraine-police-arrest-cyber-criminals.html&source=gmail&ust=1626956839791000&usg=AFQjCNHNUsp_TXtjRtdkNOqd8N4qFAjZVQ\">raid of the Clop ransomware gang</a> in Ukraine, the <a href=\"https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/&source=gmail&ust=1626956839791000&usg=AFQjCNExwh_pEIf8JC3_WaDvOX9txQvuIw\">EU imposing the first sanctions</a> against cyber attacks and the attribution by NATO in this latest attack. For every attack that makes headlines, there are countless more that are hidden to preserve the reputations of companies. Until we get accurate reporting, combined with broad standards for conduct and accountability, the crisis will continue to escalate.</p>

Last edited 11 months ago by Mike Campfield
David Higgins
David Higgins , EMEA Technical Director
InfoSec Expert
July 21, 2021 3:24 pm

<p style=\"font-weight: 400;\">Whenever something of this nature affects a political party, nation state involvement must be considered as likely, given what has been reported.  While the motive is not yet clear – and motive is of course key in determining who might have accessed these systems – the fact of who has been targeted and the level of sophistication involved indicates some kind of nation state involvement or sponsorship. The motive is often gaining competitive market advantage – government policies that could be seen as likely to provoke ‘trade wars’ are very likely to trigger a new round of nation-state attacks designed to steal intellectual property and other trade secrets. But this is just one of many potential reasons. Destabilisation, experimentation, information wars, policy influence and myriad other possibilities also exist.</p>
<p style=\"font-weight: 400;\">It is very likely that we will continue to see more of these attacks in 2021. Nation-state attackers will combine Zero Day exploits with existing, unsophisticated – yet proven – tactics with new techniques to exfiltrate IP, as opposed to just targeting PII or other sensitive data.</p>
<p style=\"font-weight: 400;\">Can these attacks be defended against? The very nature of a Zero Day exploit – an exploit that is not yet known about (other than by the attackers) – means that it will succeed until such time as a patch for the vulnerability becomes available. However, what we can do is be pretty confident what will happen after the initial intrusion is achieved via the Zero Day vulnerability. Security teams must look for credential compromise, lateral movement, unauthorised privileged access and the like. We can’t predict a Zero Day attack, but we know what happens afterwards, and so it is imperative that organisations close down the common attack routes of identity and privilege compromise.</p>

Last edited 11 months ago by David Higgins
Information Security Buzz
2
0
Would love your thoughts, please comment.x
()
x