Microsoft server hack has victims hustling to stop intruders

BOSTON: Victims of a massive global hack of Microsoft email server software - estimated in the tens of thousands by cybersecurity responders - hustled Monday to shore up infected systems and try to diminish chances that intruders might steal data or hobble their networks.

The White House has called the hack an "active threat" and said senior national security officials were addressing it.

The breach was discovered in early January and attributed to Chinese cyber spies targeting U.S. policy think tanks. Then in late February, five days before Microsoft issued a patch on March 2, there was an explosion of infiltrations by other intruders, piggybacking on the initial breach. Victims run the spectrum of organizations that run email servers, from mom-and-pop retailers to law firms, municipal governments, healthcare providers and manufacturers.

While the hack doesn't pose the kind of national security threat as the more sophisticated SolarWinds campaign, which the Biden administration blames on Russian intelligence officers, it can be an existential threat for victims who didn't install the patch in time and now have hackers lingering in their systems. The hack poses a new challenge for the White House, which even as it prepares to respond to the SolarWinds breach, must now grapple with a formidable and very different threat from China.

"I would say it's a serious economic security threat because so many small companies out there can literally have their business destroyed through a targeted ransomware attack," said Dmitri Alperovitch, former chief technical officer of the cybersecurity firm CrowdStrike.

He blames China for the global wave of infections that began Feb. 26, though other researchers say it's too early to confidently attribute them. It's a mystery how those hackers got wind of the initial breach because no one knew about this except a few researchers, Alperovitch said.

After the patch was released, a third wave of infections began, a piling on that typically occurs in such cases because Microsoft dominates the software market and offers a single point of attack.

Cybersecurity analysts trying to pull together a complete picture of the hack said their analyses concur with the figure of 30,000 U.S. victims published Friday by cybersecurity blogger Brian Krebs. Alperovitch said about 250,000 global victims have been estimated.

Microsoft has declined to say how many customers it believes are infected.

David Kennedy, CEO of cybersecurity firm TrustedSec, said hundreds of thousands of organizations could have been vulnerable to the hack.

"Anybody that had Exchange installed was potentially vulnerable," he said. "It's not every single one but it's a large percentage of them."

Katie Nickels, director of intelligence at the cybersecurity firm Red Canary, warned that installing patches won't be enough to protect those already infected. "If you patch today that is going to protect you going forward but if the adversaries are already in your system then you need to take care of that," she said.

A smaller number of organizations were targeted in the initial intrusion by hackers who grabbed data, stole credentials or explored inside networks and left backdoors at universities, defense contractors, law firms and infectious-disease research centers, researchers said. Among those Kennedy has been working with are manufacturers worried about intellectual property theft, hospitals, financial institutions and managed service providers who host multiple company networks.

"On the scale of one to 10, this is a 20," Kennedy said. "It was essentially a skeleton key to open up any company that had this Microsoft product installed."

Asked for comment, the Chinese embassy in Washington pointed to remarks last week from Foreign Ministry spokesperson Wang Wenbin saying that China "firmly opposes and combats cyber attacks and cyber theft in all forms" and cautioning that attribution of cyberattacks should be based on evidence and not "groundless accusations."

The hack did not affect the cloud-based Microsoft 365 email and collaboration systems favored by Fortune 500 companies and other organizations that can afford quality security. That highlights what some in the industry lament as two computing classes - the security "haves" and "have-nots."

Ben Read, director of analysis at Mandiant, said the cybersecurity firm has not seen anyone leverage the hack for financial gain, "but for folks out there who are affected time is of the essence in terms of patching this issue."

That is easier said than done for many victims. Many have skeleton IT staff and can't afford an emergency cybersecurity response - not to mention the complications of the pandemic.

Fixing the problem isn't as simple as clicking an update button on a computer screen. It requires upgrading an organization's entire so-called "Active Directory," which catalogues email users and their respective privileges.

"Taking down your e-mail server is not something you do lightly," said Alperovitch, who chairs the nonprofit Silverado Policy Accelerator think tank.

Tony Cole of Attivo Networks said the huge number of potential victims creates a perfect "smokescreen" for nation-state hackers to hide a much smaller list of intended targets by tying up already overstretched cybersecurity officials. "There's not enough incident response teams to handle all of this."

Many experts were surprised and perplexed at how groups rushed to infect server installations just ahead of Microsoft's patch release. Kennedy, of TrustedSec, said it took Microsoft too long to get a patch out, though he does not think it should have notified people about it before the patch was ready.

Steven Adair of the cybersecurity firm Volexity, which alerted Microsoft to the initial intrusion, described a "mass, indiscriminate exploitation" that began the weekend before the patch was released and included groups from "many different countries, (including) criminal actors."

The Cybersecurity Infrastructure and Security Agency issued an urgent alert on the hack last Wednesday and National Security Adviser Jake Sullivan tweeted about it Thursday evening.

But the White House has yet to announce any specific initiative for responding.
Source: AP. Published 2021-03-09 08:20:26; last updated 2021-03-09 08:23:16.
