There is a distinct possibility that World War 3 could be fought on a digital battlefield. Cyber-attacks that were earlier the SOP of individual malicious actors look very much the new weapon used by faceless APTs across the globe. Last October in 2020, Mumbai suffered a power outage suspected to be caused by a malware attack that had Chinese cyber-attack links. This particular attack even led to the suspension of train and hospital services.
More recently, in January 2021, the world was shocked by actions thought to be perpetrated by an APT (Advanced Persistent Threat) known as Hafnium on the world's largest tech giant, Microsoft. The attack led to data breaches against major corporations on a massive scale leading to devastating financial losses and fallout. Hafnium has alleged ties to the Chinese Government.
The hackers took advantage, and exposed vulnerabilities in Microsoft servers using zero-day exploits. It was estimated that the data of millions of people had been compromised. The massive size of this attack lends credibility to the fact that it is not the actions of individual attackers, but an outfit with significant skills, resources and sophistication. Microsoft has further supported the Hafnium claim, coining the moniker and disclosing the complicated, labor intensive nature of the attack. To date the motives of the attackers remains unknown or undisclosed.
The attack
The 0-day attacks started in early January when suspicious activity on Microsoft Exchange servers was reported. The attacks typically took place using a single vulnerability in virtual servers, largely based with the U.S. However, this happened because of at least four previous vulnerabilities in the Microsoft exchange server, making the hackers bolder with their motives. Microsoft then proceeded to fix the vulnerabilities by deploying patchworks.
Attackers from different countries conduct remote operations from leased virtual servers, and target entities to extract information from various industry sectors, including research data on fields such as medicine, law, state policies, educational institutions, and defense contractors. It is an extremely alarming situation for government agencies and private corporations. Hence, the recent instances call for immediate action to protect and safeguard the data.
The Defense
One of the many cost-effective ways to protect an organization's IT system is to educate the employees on maintaining cyber awareness. The concept of restricting the authorized use of personal devices on the company networks additionally may help to prohibit compromised devices form connecting to the network as well. However, although these types safeguards may help deter attackers from successful attack campaigns and should be expected to contribute to a stronger framework, most successful attack campaigns are successful due to what happened after initial access. By conducting full scale, threat-based security assessment, organizations can root out the shortcomings in their network defense strategy. This requires a holistic and serious approach to cyber risk, quantifying the most serious impact scenarios and their paths to successful exploitation. By doing so, we may be able to shut down phases that are critical to attack campaigns, even in the case of 0-day usage.
It may be prudent to consider outsourcing critical cybersecurity assessments and functions to threat intelligence driven risk experts such as Shadowscape. We ensure expert help through our staff of seasoned security analysts, specifically trained to root out likely attack vectors that can stem even from the most sophisticated attacks. By assessing an organization’s network security program, Shadowscape ensures that your security program is prioritizing your most impactful risks, formulating comprehensive strategy and safeguards to prohibit their compromise. If insight isn’t enough, reach out to learn more about how we can further orchestrate your security through next-generation endpoint protection and threat hunting, patch management, cyber training, comprehensive security audits, disaster recovery and much, much more. These cost-effective, outsourced solutions allow organizations to focus on their core activities rather than worrying about recruiting and managing costly IT security talent, tools and training.
Contact us today at info@shadowscape.io!
Comments