Corporate TIPS: Cyberattack on Microsoft Demonstrates Importance of Incident Response Plans
on April 28, 2021
Tens of thousands of Microsoft customers, including many based in the United States (U.S.), have fallen victim to a cyberattack orchestrated by a group of hackers from China. Businesses and government agencies in the U.S. that use Microsoft’s email service were affected by an aggressive attack that began in January 2021. Between the end of February and March 3, 2021, the hackers escalated their attack to reach at least 30,000 Microsoft customers in response to Microsoft’s move to repair its exploited vulnerabilities.1 Fearing that the attack could have far-reaching impacts on even more consumers, public officials issued an emergency warning that urged federal agencies to patch their systems.
The hackers exploited vulnerabilities in Microsoft’s Exchange program, which is the company’s mail and calendar server. Exchange has a broad range of users, including many small businesses, local and state governments, and even some military contractors. The cybercriminals were able to steal consumer data, including emails, and install malware to survey the activity of their targets by exploiting a bug that allowed them to access email servers without a password.
To escalate the attack, the hackers later used online stealth tactics to weave together multiple vulnerabilities of Exchange to impact a broader group of victims. The cybercriminal group targeted as many victims as they could, even large credit unions, as they exploited flaws that were previously unknown to Microsoft. According to Christopher Krebs, the former director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), all companies and organizations that use Microsoft’s Exchange program should assume that they too were compromised as part of this latest attack between February 26th and March 3rd, and should therefore quickly work to install the patch updates released by Microsoft.2
When asked whether China was responsible for the attack, Wang Wenbin of China’s Ministry of Foreign Affairs stated that “China has reiterated on multiple occasions that given the virtual nature of cyberspace and the fact that there are all kinds of online actors who are difficult to trace, tracing the source of cyberattacks is a complex technical issue. It is also a highly sensitive political issue to pin the label of cyberattack to a certain government.”3 However, Microsoft attributed the attack to a Chinese hacking group known as Hafnium, which is a group assessed to be state-sponsored and operating out of China.4
Microsoft is working closely with CISA, other government agencies, and independent cybersecurity companies to handle the aftermath of the attack and provide mitigation for its customers. Since the attack was disclosed, a multitude of additional hackers not affiliated with Hafnium began exploiting the exposed vulnerabilities to target organizations that have not yet patched their systems. Although this attack will likely push many Microsoft users to shift to the cloud, where Microsoft can manage security more effectively, it also highlights how important it is for organizations to develop effective incident response plans.
How Your Organization Can Benefit from an Incident Response Plan
As the latest attack on Microsoft demonstrates, it is critical that an organization can identify and promptly respond to security incidents and events. To do so, organizations will need to have an incident response plan in place to mitigate the risks of being a victim of a cyberattack. Incident response plans outline what constitutes a breach, the roles and responsibilities of an organization’s personnel during a breach, the steps to be taken to address the incident, the methods of investigation and communication, and the notification requirements that follow. Three essential benefits an incident response plan can provide to an organization include:
- Protection of Your Data – Your organization can proactively protect its data by following an updated incident response plan. If malicious actors get ahold of your organization’s data via ransomware, they could demand a ransom for its return or leak the information to the public. Protecting data assets through incident response procedures includes securing backups, leveraging logs and security alerts to detect suspicious activity, proper identification and access management to avoid in-house misconduct, and heightened attention to patch management.
- Protection of Your Revenue – An effective incident response plan mitigates your organization’s risk for loss of revenue. When the average cost of a data breach is $3.6 million,5 it’s hard to argue against the need for an incident response plan. Your organization’s revenue is at risk during any data breach, and both small and large organizations could be crippled by the high costs associated with a breach, including costs for legal, remediation, forensic investigation, and regulatory and compliance fines.
- Protection of Your Professional Reputation – Having an incident response plan in place may increase consumer trust and confidence in your organization. According to the International Data Corporation, 78% of consumers would take their business elsewhere if directly affected by a data breach.6 By following a detailed incident response plan, in the event of a breach, an organization could reduce the risk of impacted individuals and therefore retain a larger base of its customers.
How Brouse Can Help
Not a single individual or organization is immune from experiencing a cyberattack. However, steps can be taken to reduce your exposure to attacks and to mitigate risks in the event of a data breach. It is best practice that you develop a plan to respond to such cyber-incidents. Brouse McDowell’s Cybersecurity and Data Privacy team can provide the guidance and tools you need to create an incident response plan. Along with providing insight to your business regarding a data breach and cyberattack response, we also provide proactive solutions for companies to defend against cyberattacks and general guidance through the complexities of data privacy laws and regulations. Our cybersecurity team offers a variety of data privacy and cybersecurity services, including pre-breach and cybersecurity planning, cybersecurity and data privacy transactional services, data regulatory compliance services, breach response and disclosure obligation services, cyber liability insurance review, and any related litigation issues regarding cybersecurity and data breaches (investigation, defense, insurance recovery and response). Please contact us for more information and to learn how we can partner with you.