MSFT Exchange Excitement: Another Jolt of Info

March 30, 2021

I read “Exchange Server Attacks: Microsoft Shares Intelligence on Post-Compromise Activities.” Interesting: weeks, maybe longer, since what one of my analysts described as another digital Chernobyl have passed without much substantive information.

This “real” news story reports:

Microsoft is raising an alarm over potential follow-on attacks targeting already compromised Exchange servers, especially if the attackers used web shell scripts to gain persistence on the server, or where the attacker stole credentials during earlier attacks.

Interesting. A massive attack which may have distributed malware, possibly as yet undetected, poses a risk. That’s good to know.

This statement attributed to Microsoft is intriguing as well:

In a new blog post, Microsoft reiterated its warning that “patching a system does not necessarily remove the access of the attacker”.

Does this mean that Microsoft’s remediation is not fixing the “problem”? What sorts of malware could be lurking? Microsoft provides some measured answers to this particular question in “Analyzing Attacks Taking Advantage of the Exchange Server Vulnerabilities.”

But the problem is that Microsoft’s foundational software build and deploy business process seems to be insecure.

Dribs and dabs about the consequences of a major security breach are PR and hand waving, not the actions I craved.

Stephen E Arnold, March 30, 2021

Prodaft: Chasing the Bad Actors of SolarWinds

March 29, 2021

I read “Swiss Firm Says It Accessed SolarWinds Attackers’ Servers.” The idea is that the cyber security outfit explored the intermediary servers employed by the SolarWinds’ bad actors. The result was a successful penetration of some of these systems. The result? Prodaft, according to the report, has learned that “these attackers continue to target large corporations and public institutions worldwide.” The targets? The US and Europe.

Furthermore, the attackers have been given the handle “SilverFish Group.” One discovery is explained this way:

[The attackers have] designed an unprecedented malware detection sandbox formed by actual enterprise victims, which enables the adversaries to test their malicious payloads on actual live victim servers with different enterprise AV and EDR solutions, further expanding the high success rate of the SilverFish group attacks.

From my vantage point in rural Kentucky, this sounds similar to the methods revealed in the disclosure of the Hacking Team’s Remote Control System. The approach makes it possible to “spin” malware in a controlled manner across compromised systems.

The main point, despite the radio silence from certain organizations affected by the months-long attacks, is:

confirmation of the ongoing nature of the attack validates industry concerns. Once attackers establish persistence within an environment, it is difficult to remove them without considerable resources.

Interesting and not particularly reassuring.

Stephen E Arnold, March 29, 2021

The Value of Threat Data: An Interesting Viewpoint

March 29, 2021

Security is not job one in the cyber security business. Making sales and applying technology to offensive cyber actions are more important. Over the past couple of decades, security for users of mainstream enterprise applications and operating systems has been a puppet show. No one wants to make these digital ecosystems too secure; otherwise, it would be more difficult, expensive, and slow to compromise these systems when used by adversaries. This is a viewpoint not widely known by some professionals, even those in the cyber security business. Don’t agree. That’s okay with me. I would invite those who take exception to reflect on the failure of modern cyber security systems, including threat intelligence systems, to prevent SolarWinds and Microsoft Exchange security breaches. Both are reasonably serious, and both illustrate the future of cyber operations for the foreseeable future. Just because the mainstream pundit-verse is not talking about these security breaches does not mean the problem is solved. It is not.

“Threat Data Helps Enterprises Strengthen Security” describes a different point of view. I am not confident that the data in the write up have factored in the very loud signals from the SolarWinds and Microsoft Exchange missteps. Maybe “collapses” is a more appropriate word.

The write up states:

Benefits of threat data feeds include: adding unique data to better inform security (71 percent), increasing preventive blocking to ensure better defense (63 percent), reducing the mean time to detect and remediate an attack (55 percent), and reducing the time spent researching false positives (51 percent). On the downside, 56 percent of respondents also say threat feeds deliver data that is often too voluminous or complex to provide timely and actionable intelligence.

Let’s consider these statements.

First, with regard to benefits, knowing about what exactly? The abject failure of the cyber security defenses for the SolarWinds and Microsoft Exchange problems did zero to prevent the attacks. Victims are not 100 percent sure that recently “sanitized” systems are free from backdoors and malware. The fact that more than half of those in the survey believe that getting threat intelligence is good says more about the power of marketing and the need of cyber security professionals to do something to demonstrate to their superiors that they are on the ball. Yeah, reading about Fullz on the Dark Web may be good for a meeting with the boss, but it does and did zero for the recent, global security lapses. Organizations are in a state of engineered vulnerability, and threat intelligence is not going to address that simple fact.

Next, what about the information in the threat feeds? Like the headlines in a supermarket tabloid or a TikTok video, titillation snags attention. The problem, however, is that despite the high-powered systems from developers from Herzliya to Mountain View, information flows generate a sense of false security.

A single person at FireEye noticed an anomaly. That single person poked around. What did that individual find: Something in a threat feed, a snappy graphic from a $100,000 visualization tool, or specific information about a malware attack? Nope, zippy items and factoids. Links to Dark Web sites add spice.

The write up says:

Each of the organizations surveyed faced an average of 28 cyber attacks in the past two years. On average, respondents say 38 percent of these attacks were not stopped because security teams lacked timely and actionable data. Respondents also report that 50 percent of all attacks can be stopped using timely and actionable intelligence.

SolarWinds went undetected for possibly longer than 18 months. Attacks one knows about are one thing. The painful reality of the SolarWinds and Microsoft Exchange breaches is another. Marketing won’t make the reality different.

Stephen E Arnold, March 29, 2021

How about Those Cyber Security Awards? Great in the Wake of SolarWinds and the MSFT Exchange Issues

March 26, 2021

The Cyber Defense Awards, hosted by Cyber Defense Magazine, has released its list of “InfoSec Awards for 2020-Winners.” The introduction reads:

“These InfoSec Awards are in their 8th year and specifically focused on finding innovative infosec players who have a presence in the United States and other countries. With over 3,200 cybersecurity companies worldwide, only a small number – roughly 10% – are highlighted as InfoSec Awards 2020 winners, based upon independent judging and analysis. This year, we’ve continued to expand our coverage of some of our winning Women in Cybersecurity who will be rolled into our annual update, highlighting some of the innovative women helping take cybersecurity to new heights.”

It is nice that the awards are recognizing the contributions of women in the male-dominated field, and the post presents us with an impressive list of companies. However, we note one name seems to be missing—FireEye, the firm whose smart human analyst (non AI infused) actually caught the widespread SolarWinds’ attack. After that debacle, the effects of which the cyber-security community is still unraveling, we wonder whether these awards are justified. Perhaps they should have taken the year off.

Be that as it may, those interested in the cyber security field may want to check out the full list. It and a description of the judges’ approach can be viewed at the link above.

Now the $64 question: How many of these “winners” detected the SolarWinds and Exchange breaches? Choose one: [a] None, [b] Zip, [c] Zero, [d] Nada.

Cynthia Murrell, March 26, 2021

Exchange Servers: Not Out of the Dog House Yet

March 25, 2021

Here’s a chilling statement I spotted in “Microsoft Servers Being Hacked Faster Than Anyone Can Count”:

This free-for-all [Exchange Server] attack opportunity is now being exploited by vast numbers of criminal gangs, state-backed threat actors and opportunistic “script kiddies”… Because access is so easy, you can assume that the majority of these environments have been breached.

The statement is attributed to Antti Laatikainen, senior security consultant at the cyber security firm F-Secure.

Is this accurate?

The ever fascinating digital publication Windows Central ran a story with a headline that offers a different point of view: “Microsoft Says 92% of Exchange Servers Have Been Patched or Mitigated.”

The discussion about these different views raises a number of questions:

  • Does Microsoft want to remediate its business processes to make its products and services more secure? (More security means more difficulties for certain government agencies who use security as a way to achieve their objectives.)
  • Can security professionals be trusted to identify security problems or issues? (The SolarWinds’ misstep went undetected for months, maybe as much as two years before information about the issue surfaced in a FireEye statement.)
  • Can continuous development and update processes deliver acceptable security? (The core business process may exponentially increase the attack surface with each fast cycle change and deployment.)

How secure are “patched” Exchange servers? A very good question indeed.

Stephen E Arnold, March 25, 2021

High Tech Tension: Sparks Visible, Escalation Likely

March 25, 2021

I read Google’s “Our Ongoing Commitment to Supporting Journalism.” The write up is interesting because it seems to be a dig at a couple of other technology giants. The bone of contention is news, specifically, indexing and displaying it.

The write up begins with a remarkable statement:

Google has always been committed to providing high-quality and relevant information, and to supporting the news publishers who help create it.

This is a sentence pregnant with baby Googzillas. Note the word “always.” I am not certain that Google is in the “always” business nor am I sure that the company had much commitment. As I recall, when Google News went live, it created some modest conversation. Then Google News was fenced out of the nuclear ad machinery. Over time, Google negotiated and kept on doing what feisty, mom and pop Silicon Valley companies do; namely, keep doing what they want and then ask for forgiveness.

Flash forward to Australia. That country wanted to get money in exchange for Australian news. Google made some growling noises, but in the end the company agreed to pay some money. Facebook, on the other hand, resisted, turned off its service, and then returned to the Australian negotiating table.

Where was Microsoft in this technical square dance?

Microsoft was a cheerleader for the forces of truth, justice, and the Microsoft way. This Google blog post strikes me as Google’s reminding Microsoft that Google wants to be the new Microsoft. Microsoft has not done itself any favors because the battle lines between these two giants are swathed in the cloud of business war.

Google has mobile devices. Microsoft has the enterprise. Google has the Chromebook. Microsoft has the Surface. And on it goes.

Now Microsoft is on the ropes: SolarWinds, the Exchange glitch, and wonky updates which have required the invention of KIR (an update to remove bad updates).

Microsoft may be a JEDI warrior with the feature-burdened Teams and the military’s go-to software PowerPoint. Google knows that every bump and scrape slows the reflexes of the Redmond giant.

Both mom and pop outfits are looking after each firm’s self interests. Fancy words and big ideas are window dressing.

Stephen E Arnold, March 25, 2021

Watching Hoops: Watching Microsoft Defensive Scramble

March 24, 2021

Air ball. I read “Microsoft Defender Will Automatically Prevent Exchange Server Exploits.” Technical foul! The write up contains this statement:

The tech giant warns, however, that this is just an interim mitigation meant to protect customers while they’re in the midst of implementing the comprehensive security update for Exchange it released earlier this month.

Over and back!

The Redmond Wizards have great cheerleaders, but the opponents own the auditorium. The clock is ticking.

The Wizards’ coach is yelling at the officials. Oh, another technical foul.

Quick. Print out the play.

Wait, Microsoft Windows 10 updates broke the printer.

Whistle. Another technical foul.

Stephen E Arnold, March 24, 2021

Microsoft Security: An Ominous Signification

March 22, 2021

IT News published “White House Taskforce Meets over Microsoft Software Weaknesses.” The “real news” story included a statement which I placed in the predictive bucket. Here’s the prose which caught my attention:

The security holes in the widely used mail and calendaring software leave the door open to industrial-scale cyber espionage, allowing malicious actors to steal emails virtually at will from vulnerable servers or to move elsewhere in the network.

Microsoft is pretty good at issuing magic fixes; for example, “Microsoft Releases One-Click Patch for Exchange Vulnerability” reveals:

Microsoft has released a one-click patch, the Microsoft Exchange On-Premises Mitigation tool, to help customers apply new security updates in the face of the Exchange Server cyber attack.

This IT Pro article points out:

ESET research found that Microsoft Exchange servers had been targeted by “at least ten hacker groups” and that they had managed to install backdoors on more than 5,000 servers in over 115 countries.

In this context the phrase “industrial scale cyber espionage” is doubly chilling.

Now about that JEDI contract for the US Department of Defense?

Stephen E Arnold, March 22, 2021

Business Process Management Is The New Buzzword

March 21, 2021

How does one “fix” the SolarWinds’ misstep? BPM. GovWizely will present a webinar addressing remediation of SolarWinds’ issues on March 25, 2021. You can sign up at this URL: https://www.govwizely.com/contact/. The program is free, and pre-registration is required.

If you have never heard of business process management (BPM), it is the practice of discovering and controlling an organization’s processes so they align with business goals as the company evolves. BPM software is the next phase of business intelligence software for enterprises. CIO explains what to expect from BPM software in the article “What Is Business Process Management? The Key To Enterprise Agility.”

BPM software maps definitions to existing processes, defines steps to carry out tasks, and offers tips for streamlining and improving practices. Organizations are constantly shifting to meet their goals, and BPM software is advertised as the best way to refine and control changing environments. All good BPM software should deliver the following: alignment of the firm’s resources, increased discipline in daily operations, and clarity on strategic direction. While most organizations want flexibility, they lack it:

“A company can only be as flexible, efficient, and agile as the interaction of its business processes allow. Here’s the problem: Many companies develop business processes in isolation from other processes they interact with, or worse, they don’t “develop” business processes at all. In many cases, processes simply come into existence as “the way things have always been done,” or because software systems dictate them. As a result, many companies are hampered by their processes, and will continue to be so until those processes are optimized.”

When selecting BPM software, look for integrations, analytics, collaboration, form generation, a business rules engine, and workflow management.

BPM sounds like the next phase of big data, where hidden insights are uncovered in unstructured data. BPM takes these insights, then merges them with an organization’s goals. Business intelligence improves business processes, big data discovers insights, and BPM organizes all of it.

Whitney Grace, March 21, 2021

Was Super Yacht Go a Digital Victim?

March 16, 2021

Modern yachts are connected to the Internet. I know very little about the specialized systems used to monitor these vessels. One interesting idea was articulated by eSysman Super Yachts via his YouTube video for March 12, 2021. You can view the program at this link. The point which snagged my attention was the observation that the boat’s controls behaved in an unusual manner. Furthermore, according to statements reported by media, the captain was unable to implement a manual override. When the helm’s instructions were not processed, no alarms sounded. Consequently the captain had to decide whether to crash into a bridge or into a pier. The captain chose the pier. No one was injured and the boat can be repaired.

The key question: Have cyber criminals compromised super yachts’ computerized control systems?

No answers yet. But in the “wake” of SolarWinds and Exchange missteps, the possibility must be considered. Odysseus thought he had problems, but he was dealing with more tractable gods, not digital monsters.

Stephen E Arnold, March 16, 2021
