I understand where you all come from - I have no problem with anyone judging whether Microsoft or anyone else is to blame (absolutely fine) - but I have a completely different mindset on this topic. I accept there is ammo lying everywhere (I expect Microsoft to be compromised), I expect people with both good and bad intentions have access to root certificates (weapons of any kind) ... I expect bad things to happen - both from friends and enemies (if I know them).
What to do?
How to become a NON-TARGET! If China (or anyone else) can't figure out what is going on and doesn't understand what to do - the MITRE ATT&CK's 280+ TTPs are more or less not possible (or extremely limited) ... and I'm okay with the risk of getting my data stolen in transit. Question: am I then a target for China (or anyone else for that matter)? I'm a target for "shoulder surfing" and if I haven't got control of my "trusted back-end" (PS: for the record, I expect a datacenter to be a "trusted zone" - the user (any user - as in ANY) is in an untrusted zone).
If no one can get any meaningful information from port scans, you're resistant to DDoS and MitM attacks, immune to brute-force attacks, immune to code injection, immune to password cracking, immune to lateral movement attacks - AND IMMUNE to infrastructure vulnerabilities (infrastructure is just a simple backbone) ... then please let me know what China would attack and how. Encapsulate Exchange in a trusted/secure Virtual Private Connectivity solution able to containerize sessions, fully multi-encrypted.
Sure, there are other ways to attack ... but if we can immunize and shield off 80-90% of the 'castle walls' ... the risk is so much lower - and you can focus resources on the remaining areas - like using Trend Micro / Palo A. or the likes to monitor incoming traffic, and have a much more effective and efficient SOC 24/7 operation (far fewer incidents, false positives, IoCs ...). The goal is to become an irrelevant target.
PS II ... and by the way, you can get my login/password and even my PC ... and you would still not be able to access my backend systems.
So for me the park analogy doesn't work ... I'm not an identifiable target anymore (so I might walk the park, passing the bench - without anyone noticing, immune to the bullets fired at me - sounds great, right? :-) ) ... I'm happy to provide a demo if you like :-)
------------------------------
Niels E. Anqvist
CEO/President
ZAFEHOUZE USA / ZAFEHOUZE EMEA
------------------------------
Original Message:
Sent: Jul 21, 2021 09:48:55 AM
From: PAUL RICH
Subject: Microsoft Exchange hack
Claude, I sort of agree with you. I don't think the "loaded gun on the park bench" quite captures the situation of 'undiscovered vulnerabilities', however. A six-year-old could lift the gun and fire it, and so could any able-bodied adult. "Undiscovered vulnerabilities" are not just lying around for anyone to find, and they aren't already weaponized - it is more like ammunition lying around on a park bench, and someone has to do the work to make or buy the gun, with specifications to fit the ammunition, and then fire it. This is not something that any six-year-old, nor even most adults, can do. So, absolutely, China is to blame (as is anyone else) when they perform these actions. And I can speak from personal experience that nation states deliberately break into software companies around the world specifically to look for undiscovered and undisclosed vulnerabilities in order to weaponize them - in which case, the ammunition was nowhere near the public and was in the locked premises of the ammunition maker.
------------------------------
PAUL RICH
Executive Director
JPMorgan Chase & Co.
Original Message:
Sent: Jul 20, 2021 08:53:43 AM
From: Claude Baudoin
Subject: Microsoft Exchange hack
Well, the analogy I can think of is this one. Suppose someone accidentally leaves a loaded gun on a park bench. That's bad, but so far no one got hurt. Now, I happen to come by, see the gun, grab it, fire it in the direction of a group of people, one of whom gets hit and dies. Does the fact that there was a loaded gun there absolve me from the crime of firing it?
Original Message:
Sent: 7/19/2021 2:38:00 PM
From: Olivia Rempe
Subject: Microsoft Exchange hack
The US and Allies are saying that China caused the Microsoft Exchange hack. However, is China to blame when there were previously undiscovered vulnerabilities in the Microsoft software, and China just exploited them?
https://lnkd.in/dbSrBnv
------------------------------
Olivia Rempe
Community Engagement Specialist
Cloud Security Alliance
------------------------------