The Inner Circle

 View Only

  • 1.  Microsoft Exchange hack

    Posted Jul 19, 2021 11:38:00 AM
    The US and Allies are saying that China caused the Microsoft Exchange hack. However, is China to blame when there were previously undiscovered vulnerabilities in the Microsoft software, and China just exploited them?

    https://lnkd.in/dbSrBnv

    ------------------------------
    Olivia Rempe
    Community Engagement Specialist
    Cloud Security Alliance
    ------------------------------


  • 2.  RE: Microsoft Exchange hack

    Posted Jul 20, 2021 08:54:00 AM

    Well, the analogy I can think of is this one. Suppose someone accidentally leaves a loaded gun on a park bench. That's bad, but so far no one got hurt. Now, I happen to come by, see the gun, grab it, fire it in the direction of a group of people, one of whom gets hit and dies. Does the fact that there was a loaded gun there absolve me from the crime of firing it?




    Original Message


  • 3.  RE: Microsoft Exchange hack

    Posted Jul 21, 2021 08:50:00 AM
    If all you can see on the surveillance cam is a '6-pack of beer' floating our of the shop - because the doors were open at 3AM in the morning - you can blame anyone on the planet - it could even be an invisible 500-pound gorilla that has a great taste of beer. My point is this:

    50% OF ALL SUCCESSFUL CYBER-ATTACKS ARE NEVER DETECTED! (maybe not even detected in retrospective upon forensics)

    I don't know the case here ... but anyone can jump via China and commit cyber-crime anywhere on the planet. Unless you catch the person with the fingers in the salad - you can't be sure - so personally, I would take all these cyber-blame-stories with a grain of salt - and pragmatically help any organisation that would like a much higher resiliency to become immune to most Cyber-attacks. Implement software defined perimeter - either from our competitors or use ours - that's SDP on steroids!

    ------------------------------
    Niels E. Anqvist
    CEO/President
    ZAFEHOUZE USA / ZAFEHOUZE EMEA
    ------------------------------

    Original Message


  • 4.  RE: Microsoft Exchange hack

    Posted Jul 21, 2021 09:49:00 AM
    Claude, I sort-of agree with you. I don't think the "loaded gun on the park bench" quite captures the situation of 'undiscovered vulnerabilities', however. A six-year old could lift the gun and fire it, and so could any able-bodied adult. "Undiscovered vulnerabilities" are not just laying around for anyone to find, and they aren't already weaponized - it is more like ammunition laying around on a park bench and someone has to do the work to make or buy the gun, with specifications to fit the ammunition, and then fire it. This is not something that any six-year-old, nor even most adults, can do. So, absolutely China is to blame (as is anyone else) when they perform these actions. And I can speak from personal experience that nation states deliberately break into software companies around the world specifically to look for undiscovered and undisclosed vulnerabilities in order to weaponize them - in which case, the ammunition was nowhere near the public and was in the locked premises of the ammunition maker.

    ------------------------------
    PAUL RICH
    Executive Director
    JPMorgan Chase & Co.
    ------------------------------

    Original Message


  • 5.  RE: Microsoft Exchange hack

    Posted Jul 21, 2021 11:35:00 AM
    I understand where you all come from - I have no problem in anyone judging if Microsoft or anyone else is to blame (absolutely fine) - but I have a completely different mindset on this topic. I accept there is ammo laying everywhere (I expect Microsoft to be compromized), I expect people with both good and bad intentions has access to root-certificates (weapons or any kind) ... I expect bad things to happen - both from friends and enemies (if I know then).

    What to do?

    How to become a NON-TARGET! If China (or anyone else) can't figure out what is going on, don't understand what to do - the MITRE ATT&CK's 280+ TTPs are more or less no possible (or extremely limited) ... and I'm okay with the risk of getting my data stolen in transit. Question, am I then a target for China (or anyone else for that matter). I'm a target for "shoulder surfing" and if I haven't got control of my "trusted back-end" (PS: for the record. I expect a datacenter to be a "trusted zone" - the user (any user - as in ANY) is in an untrusted zone)

    If anyone can't get any meaningful information from portscans, you're resistant to DDoS and MitM attacks - immune to brute force attacks, immune to code injection, immune to password cracking, immune to lateral movement attacks - AND IMMUNE to infrastructure vulnerabilities (infrastructure is just a simple backbone) ... then, please let me know what China would attack and how. Encapsulate Exchange in a trusted/secure Virtual Private Connectivity solution able to containerize sessions full multi-encrypted.

    Sure there are other ways to attack .. but if we can immunize and shield off 80-90% of the 'castle walls' .. the risk is so much lower - and you can focus resources to the remaining areas - like using Trend-Micro / Palo A. or the likes to monitor incoming traffic, have a much more effective and efficient SOC 24/7 operation (much lower incidents, false positives, IoC's ...) The goal is to become an irrelevant target. 

    PS II ... and by the way, you can get my login/password and even my PC ... and you would still not be able to access my backend systems.

    So for me the park analogy doesn't work ... I'm not an identifiable target anymore (so I might walk the park, passing the bench - without anyone notice, immune to the bullets fired at me - sounds great, right :-) ) ... I'm happy to provide a demo if you like  :-)   


    ------------------------------
    Niels E. Anqvist
    CEO/President
    ZAFEHOUZE USA / ZAFEHOUZE EMEA
    ------------------------------

    Original Message