Security brings this monthly Cybersecurity and Geopolitical vodcast to our readers as a discussion on the latest news and issues affecting countries, industries, security and risk professionals, and their enterprises around the globe. Listen now!
The boundary between cybersecurity and geopolitics has never been as porous as it is now, with both having a significant influence on the other. The enmeshing of cybersecurity and geopolitics brings new challenges and intriguing flashpoints. In this month’s March 2021 podcast, Ian Thornton-Trump (Cyjax CISO) is joined by Tristan de Souza (Editor and Head of Communications at Cyjax) to look at the exploitation of Microsoft Exchange Server vulnerabilities by Chinese threat actors, explore the SolarWinds debacle, analyze cybercrime’s effect on the American recovery, and talk about the need for continued education against fake news.
Microsoft Exchange vulnerabilities
This month saw reports that Chinese computer network operatives exploiting multiple 0day vulnerabilities to access on-premises Exchange Servers. The threat group, dubbed HAFNIUM, forced Microsoft to distribute an out-of-band patch because of the breadth of the attacks: primarily US-based entities across several industry sectors, including infectious disease research, law, higher education, defense, and policy (think tanks and NGOs). As noted by Ian, this is a serious issue: email is both incredibly vulnerable and incredibly valuable, from a threat actor’s perspective. If access is gained to a company inbox, all manner of sensitive data can be exposed. In many ways, this was just a ticking time bomb. What’s the best way forward? And how do we create a secure environment for business communication?
SolarWinds keep blowing
This story, which initially broke at the beginning of December 2020, has yet to run its course. There are now a little under ten individual malware variants tied to the supply-chain attack, and the SolarWinds executives have been hauled in front of US government committees. Intriguingly, there appears to be no appetite for similar action in the UK, even though this attack will almost certainly have compromised ongoing espionage activity across the Five Eyes countries – of which the UK is one. Ian compares SolarWinds’ reaction – to blame an intern – with the way in which Zoom tackled innumerable bug reports that were laid bare in the media and pored over by people across the globe, after its product was catapulted to the forefront of everyone’s consciousness by the onset of the coronavirus pandemic. One of these companies got it right. Tristan points out that corporate responsibility needs to play a far bigger role in the protection of data.
Cybercrime and the American recovery
We have yet to see what the fallout from the SolarWinds and Microsoft issues – as well as those affecting Accellion – will have on the cyber-insurance sector. Will premiums be raised? Will there be more stringent penalties imposed on the victims by their insurers down the line? And is legislation necessary? Certainly, the theft of intellectual property and the potential exposure of data in mailboxes could be disastrous for the victims. But it is hard to see any benefit for either Russia or China (the alleged state sponsors of the groups responsible for the attacks on SolarWinds and Microsoft) to slow down the recovery in the US. Rather than state-sponsored cyber-attack groups, Tristan sees ransomware groups like Cl0p as being the main threat to the US and global economic recovery. The operators of Cl0p have been distributing their ransomware through an Accellion file transfer product, infecting both public and private sector organizations around the world, causing untold disruption and a heavy financial cost on victims.
Rounding off the podcast, Ian ropes in Meghan and Harry (and the way in which social media has been used to both help and hinder them) to make a broader point about Russian disinformation, and political discourse more generally: he wonders whether have we reached a point where our politics is so divided that we cannot hope to establish consensus around things such as climate change and internet governance? And what should the long-term strategies be for addressing misinformation? That last question will be the over-arching theme of next month’s podcast, but for now, listen in for Ian and Tristan’s insights on all of the topics outlined above – here.