Scathing attack on Microsoft may be a telling sign of the ensuing global Cyberwar
Given the large-scale digital transformation of industries accelerated by the COVID-19 pandemic, the world today has largely shifted towards digitally activating most of its processes in an effort to reduce redundancy and optimise productivity. Concurrently, the total amount of data production has increased substantially as well; and with it, cybercrime. In fact, according to recent statistics, cybercrime has noted an uptick of almost 600% owing to the COVID-19 pandemic.
This rapidly rising plague of cybercrime: especially the increasing number of ‘large-scale, well-publicised breaches’ noted over the past year, clearly suggests not only a rise in the volume and frequency of cyber-attacks, but also in their rising severity. Such data breaches have not only cost companies billions of dollars over the past few years (an average of $3.86 million per breach, according to IBM), they have also amplified concerns about the risks of identity theft, reputational risks and liabilities for possible compliance violations.
Image: Recent cyberattack victims by sector; Source: Microsoft
Among the biggest cyberattacks of 2020 lie the Twitter-Bitcoin breach of high profile accounts apparently endorsing the purchase of bitcoin, the Marriott data breach revealing sensitive information of almost 5.2 million guests, the Software AG and Sopra Steria Ransomware attacks worth well over $20 million and the several healthcare phishing attacks noted especially in the United States, to name a few.
Half and Half?
Of the above, however, perhaps none are as high-profile and consequential as the current full-blown cybersecurity crisis at Microsoft. In fact, Fortune even opines: “A sophisticated attack on Microsoft Corp.’s widely used business email software is morphing into a global cybersecurity crisis, as hackers race to infect as many victims as possible before companies can secure their computer systems.”
Recent intel from Microsoft suggests that these cyber-attacks, having already claimed at least 60,000 victims globally (mostly medium and small-sized enterprises) may be stemming from a Chinese government-backed hacking group aiming to catch those unawares in a wide net that severely compromises private data. Among the most recent victims also lie the European Banking Authority (EBA) and several other banks and electricity providers whose emails, held on a Microsoft server, may have been compromised as well.
“The Chinese hacking group, which Microsoft calls Hafnium, appears to have been breaking into private and government computer networks through the company’s popular Exchange email software for a number of months, initially targeting only a small number of victims, according to Steven Adair, head of the northern Virginia-based Volexity. The cybersecurity company helped Microsoft identify the flaws being used by the hackers for which the software giant issued a fix…” (Fortune)
This scathing attack, coming in only months after the suspected Russian-backed SolarWinds breach, has now greatly concerned US National Security officials as well. Officials are currently working in close collaboration with Microsoft to trace the hacks and safeguard their data from further attacks, with US President Joe Biden even sanctioning a dedicated emergency task-force to aid the process. This rising alarm stems from the high volume of attacks seen over the past few days: where perpetrators seem to have automated their processes, ‘scooping up tens of thousands of new victims around the world in a matter of days’
Both this recent incident and the previous SolarWinds attack reveal the innate fragility of modern networks and the sophisticated means of modern hackers, especially if they are state-sponsored to identify vulnerabilities and conduct espionage in rival economies. These cyberattacks are complex and the blast radius (of the affected data) rather large, requiring organisations several weeks or months to extrapolate and resolve the ensuing issues. The evolving role of cybersecurity professionals is thus brought to the fore: they are more indispensable today than they ever have been in the past.