Articles

Microsoft’s Defending Ukraine report offers fresh details on digital…

Russia will use what it learned from its destructive cyber actions in Ukraine for other operations. “There is no going back to normal.”

Last week Microsoft published an in-depth examination of the early cyber lessons learned from the war in Ukraine, offering fresh insight into the scope of Russia’s malicious digital activities and new details about the sophisticated and widespread Russian foreign influence operations surrounding the war. Microsoft has been uniquely positioned to observe the digital landscape in Ukraine since Russia invaded on February 24 and even before then.

Company President Brad Smith noted in March that in addition to funding humanitarian technical relief efforts, Microsoft deployed its RiskIQ platform to identify cybersecurity vulnerabilities in the Ukrainian government system. The company “provided a list of exposed and vulnerable systems to the Ukrainian government that had unpatched high-impact common vulnerabilities and exposures (CVEs) that could provide a foothold for attackers.”

Microsoft security specialists were among the first to discover pre-invasion malware attacks in January that took down around 70 Ukrainian government websites. The company also deployed protections for newly discovered and destructive malware into Microsoft 365 Defender Endpoint Detection (EDR) and Anti-virus (AV) protection on-premises and in the cloud.

In his foreword to the new report, Smith discusses the importance of the first shot of any war, drawing parallels between the current conflict in Ukraine and the 1914 assassination of Archduke Franz Ferdinand, which launched World War I. In the present context, Russia’s first shot against Ukraine was a damaging cyber tool deployed against Ukrainian computers called Foxblade as early as February 23, right before the war began.

Smith said that Russia’s invasion strategy in Ukraine includes “three distinct and sometimes coordinated efforts—destructive cyberattacks within Ukraine, network penetration and espionage outside Ukraine, and cyber influence operations targeting people around the world.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

US government calls for better information sharing in wake…

The Biden administration seeks ways to better gather and share security intelligence from the private sector, but experts see barriers to success.

As the federal government grapples with Russia and China’s widespread and damaging hacks, the Biden administration is seeking new methods for better early threat detection of these sophisticated intrusions. Both the SolarWinds espionage hack attributed to Russian operatives and the exploits of the Microsoft Exchange server vulnerabilities attributed to China were uncovered by private firms, cybersecurity giant FireEye and Microsoft.

Both attacks originated on servers within the US, placing them out of reach of the National Security Agency’s (NSA’s) powerful detection capabilities, which US law restricts to international activities. The new cybersecurity leadership in the Biden White House is brainstorming methods to establish new early warning systems that combine traditional intelligence agency methods with private sector expertise. The White House announced on March 17 the formation of a task force it calls the Unified Coordination Group consisting of federal and private sector representatives charged with finding a “whole of government” response to the Microsoft Exchange attack.

Reportedly chief among the new approaches is establishing more profound information-sharing methods with the private sector. The concept is to set up a real-time threat sharing mechanism where data could be sent to a central repository and paired with intelligence gathered by the NSA and other intel agencies to provide organizations with more immediate threat warnings.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Clint Patterson on Unsplash

 

Articles

Why the Microsoft Exchange Server attack isn’t going away…

For some victims, patching and proper forensics will be difficult, plus new threat actors are now exploiting the same Exchange Server vulnerabilities.

On March 2, Microsoft revealed a critical cybersecurity offensive launched by a foreign adversary against organizations in the United States. The company attributed the attacks to a Chinese advanced persistent threat group it calls Hafnium. Microsoft quickly announced patches for the four previously unknown vulnerabilities in Exchange Server that the malicious actors had exploited.

Reports circulated last week that the hackers compromised at least 30,000, and likely hundreds of thousands, of unpatched Exchange servers. As a consequence, incident responders are working around the clock responding to this latest threat, which they consider an actual attack on public and government IT infrastructure, unlike the still-ongoing, primarily espionage-oriented SolarWinds hack.

The Biden Administration, already grappling with the fallout from the massive SolarWinds hack, which became public in December and has been widely, although not officially, attributed to Russian hackers, said it would take” a whole of government response to assess and address the impact.” Anne Neuberger, the deputy national security adviser for cybersecurity, leads that effort.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Clint Patterson on Unsplash