“We’ve been tracking the SolarWinds breach since it was first disclosed before Christmas. Then comes the MS Exchange server hack, which is thought to have infected what some analysts have estimated to run to almost a hundred thousand internet-facing Exchange servers worldwide. If history is any guide, many users will be unaware they’ve been compromised.
“It struck me as darkly ironic that the first (SolarWinds) hack was caused by organisations doing the right thing, patching systems. The MS Exchange server hack was caused by the exact opposite. Failing to patch. This complicates the messaging we’ve been accustomed to providing: patch early, often and soon. Now we have to add a caveat... but make sure the patch you install hasn’t been compromised,” Peter continued.
“However, as our panelists point out in this video, it’s not exactly clear how organisations will have the capability to do that. It’s a diabolical situation, and we’re yet to see the full consequences.”
“One of those consequences is that attack groups are moving quickly to leverage the foothold they now have by installing ransomware tools, such as the newly named DearCry attack method. No doubt others will be found. But our real concern is for those that may never be found or are used to update firmware to the point where no amount of patching, scanning or remediation will restore system integrity,” Peter concluded.
The panel discussion highlights the complexities of the situation and explores the presumed nation state motivations underlying both attacks.
The opinions stated are not necessarily those of either the Cybersecurity Advisors Network or the respective employers of each speaker.