US Govt Concern Over A Hack On Microsoft’s Exchange Email Software

Cybersecurity expert provides an insight on the news that the US govt has expressed growing concern over a hack on Microsoft’s Exchange email software that the tech company has blamed on China.

Experts Comments

March 15, 2021
Chris Hallenbeck
CISO, Americas
Tanium

It has long been a tactic of nation-state intruders to monitor for signs of being discovered. This often included targeting the mailboxes of security staff. It’s only natural that attackers would want to tap into the broader wealth of information found on a mail server, and also use it as a beachhead into the organization’s network.

 

Beyond the basics of deploying Exchange, most organizations likely lack the skills to perform detailed forensic examinations to determine what might have been

.....Read More

It has long been a tactic of nation-state intruders to monitor for signs of being discovered. This often included targeting the mailboxes of security staff. It’s only natural that attackers would want to tap into the broader wealth of information found on a mail server, and also use it as a beachhead into the organization’s network.

 

Beyond the basics of deploying Exchange, most organizations likely lack the skills to perform detailed forensic examinations to determine what might have been stolen. This puts organizations in the unenviable position of assuming everything was taken.  We can expect a flurry of breach notifications from this recent intrusion campaign.

 

How governments will respond in an effort to rebuke the nation-state sponsors and reign in these massive hacking campaigns has yet to be seen, but it is clear that they must send a definitive message.   

 

As for network defenders, this is another example where even if you have extensive piles of security tools you are likely to experience some breaches. It is important to proactively instrument your networks to gather data and position your security teams so they can respond to the inevitable.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.