{"id":12663,"date":"2021-03-16T19:45:00","date_gmt":"2021-03-16T23:45:00","guid":{"rendered":"https:\/\/192.168.1.20\/wordpress\/?p=12663"},"modified":"2023-12-01T04:30:42","modified_gmt":"2023-12-01T04:30:42","slug":"three-red-chinese-flags-that-microsoft-should-have-noticed","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/2021\/03\/16\/three-red-chinese-flags-that-microsoft-should-have-noticed\/","title":{"rendered":"Three Red (Chinese) Flags That Microsoft Should Have Noticed"},"content":{"rendered":"\n

Three Red (Chinese) Flags That Microsoft Should Have Noticed<\/h2>\n\n\n\n

The recent, so-called \u201cHAFNIUM breach\u201d of Microsoft Exchange servers could have been avoided if only Microsoft had been better attuned to how sovereign hackers think, act and attack. Every indication is that this hack originated in China, but it was only a matter of time before one of the world\u2019s dark corners exploited these vulnerabilities. The financial and reputational damage to its clients and to Microsoft could have been reduced, maybe avoided altogether. Now Microsoft is scrambling (AGAIN) to contain the damage and explain how this will never happen again. Compared to their potential liabilities (and financial damages), Microsoft and its clients could have spent pennies on the dollar to remedy and protect.<\/p>\n\n\n\n

There were several red flags that a smart system could have detected to stop the data theft. First red flag: MS Exchange servers typically talk only to other mail servers and to Microsoft servers for updates. But the hackers brought MEGA, a file-sharing site that is not a mail server, into the loop. Sending mail to MEGA sites should never have been allowed from a Microsoft Exchange server.<\/p>\n\n\n\n

Second red flag: mail server protocols, typically SMTP, are not used by the MEGA site, and therefore data should not have been allowed to flow from Exchange servers to MEGA. Such communication should be blocked by a simple firewall rule.<\/p>\n\n\n\n

Third red flag: when sending mail data there is an expected distribution across many different servers. It would be unusual \u2013 and suspicious \u2013 for a large volume of data to be sent to a single IP address, even spread over a number of days or longer. Inventive monitoring and control techniques would have detected, displayed and delayed such massive data downloads.<\/p>\n\n\n\n

Microsoft was most likely aware of the zero-day exploits, the security issues in its own system. Had it disclosed these vulnerabilities and avoided the \u2018hope\u2019 strategy, Microsoft could have protected its clients\u2019 information by:<\/p>\n\n\n\n