Early in March 2021, we saw an “unusually aggressive” attack on companies in the U.S. The attack, first reported by Brian Krebs on March 5, 2021, led to hackers gaining access to at least 30,000 email accounts belonging to employees at many organizations across the country. In response, the new Administration moved to launch a Cyber Task Force.
In some ways, this kind of attack is the new normal. However, both the scale and response to the attack indicate that we might be entering a new phase in the simmering cyber warfare that has defined the last decade in cybersecurity.
The Hack – Bringing Forth the Cyber Task Force
The details of the hack are worrisome for many businesses in the U.S. because it targeted one of the most widely used systems in the country, Microsoft Exchange. Hackers used this system to gain back-end access to many of the subsidiary systems that rely on the Exchange Server for authentication and user management.
In practice, this meant that hackers were able to gain “total, remote control over affected systems,” according to an expert quoted by Krebs. These systems are used by a notable variety of U.S. companies and institutions. Initial reports are that this hack affected not just small businesses, but also credit unions, banks, and even city governments across the country.
Since this attack vector affects online systems at such a fundamental level, even organizations that thought they had appropriate security practices in place had data stolen, because that data was stored on Microsoft Exchange servers that could be accessed during this hack.
At first glance, this most recent attack bears many similarities to the series of sophisticated attacks that affected SolarWinds earlier this year. The recent attack replicates some of the methods used against SolarWinds and also some of the targets: the hackers who went after SolarWinds managed to breach about 100 U.S. companies and nine federal agencies. That attack was initially blamed on Russia, but evidence of Chinese involvement is also emerging.
That being said, there are some differences between the attacks. For starters, the most recent Microsoft hack, which one former national security official briefed on the matter called “absolutely massive” in an interview with Wired, may end up being larger even than the one directed against SolarWinds.
The intention appears to have been different as well. Though the recent attack seems to have compromised many systems and may have affected U.S. government agencies, the hackers do not appear to have stolen much data, nor to have demanded cryptocurrency as a ransom, which has become a common practice of late.
Instead, the hack is perhaps best seen as a type of exercise that will be familiar to those with an interest in cyberwarfare. It appears to have been a show of strength undertaken to warn the new U.S. Administration what Russia, China, or another nation-state actor is capable of.
The Response – A Cyber Task Force
Given the size of the attack, the response to it has been impressively calm and effective. Though we are getting used to the growing threat of elite Russian hackers, the response of the previous Administration to this kind of sophisticated cyber-attack was always a little panicked.
It seems that the new Administration will take a different approach, one that stresses cooperation and collaboration between all government agencies. Following news of the hack, the government immediately initiated a multi-agency effort, chaired by the National Security Council but also including the FBI, CISA, and others. The purpose of this group, according to U.S. officials, is to “determine who has been hacked, what has been done, and how to quickly patch the vulnerabilities.”
This might be difficult, however. Microsoft first issued patches on Tuesday, March 2, 2021; fixing the issue, though, will be more complicated than that. These patches do not undo the damage already caused, Oliver Tavakoli, Chief Technology Officer at the California-based security firm Vectra, told the Guardian earlier this week. As a result, government agencies and businesses alike are expected to complete a time-consuming audit of their systems.
A New Era?
In some ways, this recent attack represents merely the continuation of a situation that has been largely the same for a decade now: Russian- and Chinese-sponsored attacks against U.S. infrastructure that raise much concern but leave little lasting damage.
On the other hand, the Administration’s response is heartening. By seeing attacks like this as a multi-agency problem, we may be seeing the first steps toward a much more cohesive and resilient U.S. strategy for dealing with cyber risk; one that recognizes that cyber-attacks cannot be defeated by technology alone, but also require a managerial response to handle insider risk and mitigate adverse consequences.