Posted on 03/06/2021 6:55:20 PM PST by SeekAndFind
A cyberattack on Microsoft Corp.’s Exchange email software is believed to have infected tens of thousands of businesses, government offices and schools in the U.S., according to people briefed on the matter.
Many of those victims of the attack, which Microsoft has said was carried out by a network of suspected Chinese hackers, appear to be small businesses and state and local governments. Estimates of total world-wide victims were approximate and ranged broadly as of Friday. Tens of thousands of customers appear to have been affected, but that number could be larger, the people said. It could be higher than 250,000, one person said.
While many of those affected likely hold little intelligence value due to the targets of the attack, it is likely to have netted high-value espionage targets as well, one of the people said.
The hackers have been exploiting a series of four flaws in Microsoft’s Exchange software to break into email accounts and read messages without authorization, and to install unauthorized software, the company said. Those flaws are known as zero days among cybersecurity professionals because they relied on previously undisclosed software bugs, suggesting a high degree of sophistication by the hackers.
“It was being used in a really stealthy manner to not raise any alarm bells,” said Steven Adair, founder of the cybersecurity company Volexity Inc., one of the firms that Microsoft credited with reporting the issue.
(Excerpt) Read more at wsj.com ...
On Tuesday, Microsoft went public with the attack and identified the culprits as a Chinese cyperespionage group called Hafnium. Once caught, a software patch was issued - however before that happened, the hackers switched tactics and began using automated software to identify vulnerable servers on the internet and target them, said Adair.
"The attackers cranked up a huge notch over this past weekend," he said, adding "They’re just hitting every Exchange server they can find on the internet."
Despite the likely 'high-value espionage targets,' the Journal says the hackers were unlikely to have much in the way of intelligence due to the nature of the victims. That said, several government officials have gone on record to warn about its potential severity - while the Cybersecurity Infrastructure Security Agency "Issued a rare emergency directive this past week requiring federal government agencies to immediately patch or disconnect products running Microsoft Exchange on-premises products." CISA also issued a Thursday update to its alert warning that the Chinese hackers were using automated tools to crawl the internet for vulnerable Exchange servers.
CISA held a call Friday with more than 4,000 critical infrastructure partners in the private sector and state and local governments encouraging them to patch their systems.
Also on Friday, White House press secretary Jen Psaki told reporters during a press briefing that the Microsoft vulnerabilities were of significant concern and “could have far-reaching impacts” and result in a "large number of victims.” -WSJ
On Friday, a Microsoft spokesman said they're working with security companies and government agencies to contain the incident, however they would not disclose the estimated scope of the attack.
Yup, MORE China Virus no matter what Biden and his crime syndicate calls it.
Cultural norm IIRC
They found a Chink in our armor.
Sounds to me like the FedGov should have stuck with Hillary’s server. At least she could have deleted it all.
...happily sitting here as a Linux guy but... I can only be so smug. It is never a good day when criminal elements win. M$, get your house in order! We all lose when they win.
RE: ...happily sitting here as a Linux guy but... I can only be so smug.
No you can’t, they also have a LINUX hack attack team as well.
No doubt. We can engage in our Windows vs Apple vs Linux battles all we want but... The criminals out there intent on doing their thing are generally agnostic. They don’t care. If they see/find an opportunity to compromise a system and gain information they will. We can beat each other up, Windows/Apple/Linux all we want - but we are the Ford/Chevy/Dodge guys arguing while the car thieves are still out there...
some sort of government requirement notwithstanding, you have to have an IT death wish to have any email server, exchange especially, responding behind your firewall.
it attacks all the wrong kinds of attention from all the wrong kinds of people.
*attracts. Damned autocorrect.
...happily sitting here as a Linux guy but... I can only be so smug. It is never a good day when criminal elements win. M$, get your house in order! We all lose when they win.
————————
Linux is great for the back-end. Really there is no alternative.
However...
they are not attacking Linux as no one really uses it. Why go after that < 2% of desktops running it? Great secure desktop, no decent apps.
Many people would love to switch to Linux, but without real commercial application support (that most of the world uses), it’s doubtful.
Why don’t y’all get Autodesk, Adobe, Microsoft, Value/Steam and the thousands of other useful apps ported over to Linux? Always a Windows/Mac version and never a Linux version. Open-source shovel-ware just won’t cut it for most.
Until that’s done, Linux desktop use will hover around 2%
And Office 365 is garbage. While its performance has improved a little over the past year, it is still ponderously slow compared to IMAP or anything else.
Anyone one with half a brain stopped using Microsoft email products back when windows 98 was a thing. They were always insecure.
Is Linux usable as a desktop alternative to Windows or Mac? Absolutely. I'm living proof. I've been a Linux user and developer at work for 20+ years. I've been a Linux user at home for over a decade. But I'm a sample size of 1. It comes down to effort - both real and perceived.
A significant percentage of people currently using Windows at home use it primarily for web browsing and email. A significant percentage of work use involves that and typical office applications such as Word, Excel, and PowerPoint. Linux on the desktop is entirely capable of assuming these tasks. However there are two gotchas.
One is simply the barrier(s) to entrance into the Linux world. Want a new laptop? You can find dozens from major manufacturers or sites like Amazon or New Egg, or at local retailers like Best Buy - almost all running Windows, A relative handful running some version of Mac OS, maybe a tiny fraction offered with Linux. The upshot is, if you want to run Linux it is going to take a little work, a little extra effort. While you can easily get Win/MacOS ready to run out of the box... For most users and most devices a Linux fan would have to figure out how to download and install Linux themselves. Why bother when the computer is ready to go as is? So that extra work, minimal as it actually is, represents a significant barrier to entry. You have to really want to run Linux. Pro tip - it really isn't that difficult to download an ISO image of a popular Linux distribution, copy it to a thumb drive, boot from that thumb drive, and install Linux. It is a few steps yes, but once you understand them it is easy.
The second "gotcha" is simply the pervasiveness of Windows and MS Office tools. Even if you're a Linux fanboy, either recent convert or long-time aficionado, chances are you're going to have to work with or interact with generic Windows users. As good as the Linux applications are (eg. Libre Office) when interacting with their MS counterparts there are sometimes, perhaps even often, issues with fonts, layouts, etc. It represents an impedance mismatch that seems perennial, perhaps even pervasive.
The upshot is, given MS's position - basically having gotten there first - they are going to be the desktop, like it or not. This relegates Linux and Mac OS to basically also-ran status on the desktop. Attackers looking to skim/scam information have got to play the odds. I won't even touch the relative security postures of Win/Mac/Linux. If you want to attack systems, you play the numbers. The numbers say you'll find more, many more Win systems out there in the wild than you will anything else. So that's what the attacks are generally written for.
The Linux base distro is never the problem. They are great. I’ve been running a version of Linux since 1993 or thereabouts.
It’s always about the apps, or lack thereof.
Sure, open-source crapware exists. Hard-to-use crap interfaces (that’s a open-source trademark, even if running such apps on windows or a Mac)
Glad you mentioned Open/Libre/ shitOffice. Fonts, themes, animations, transitions all don’t work (PowerPoint), no VS Basic support for Macros (Excel), and the same font and layout issues with Word. No Camtasia support (huge one for me as a content producer. Funny the Google stuff doesn’t have these issues... and there is a good MSOffice version for Mac. CrossOver office is a poor substitute.
And content-creation is worse. No out-of-the distro support for any Abode, Autodesk, Game Engine Development or other normal apps people will run as a content creator. You client needs PSD files or illustrator files. Not gimp. You need to export to fbx. Nope again. Clients won’t take blend files.
So if Linux fanboys really want Linux to takeoff with desktop use, they need to get app developers that every one else uses to support app ports to it.
But as you said “this is the year of the Linux desktop” has been said for almost 20 years now.
Maybe Gates can pay for a vaccine
Windows gained popularity while Linux was still mostly command line use and didn’t have much of a desktop. Hence businesses used windows and people wrote business programs for windows. I was in the sign business for years and there’s no way a Linux machines could be used for that because all the sign layout software, cnc and plotter software is written for windows.
That being said, I’ve been using some sort of Ubuntu distro as my PS OS for 15 years now. Still, if I want to use my usb scan tool to diagnose a vehicle or use repair info software, I have to reboot to win7 pro.
Aside from publishing design/layout software which is often Mac, pretty much every other specialized business software is MS Windows.
Both the communist chinese and microsoft are spying on you.
Both.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.