Massive attack series has another chapter

Sheila Zabeu -

April 19, 2021

A massive attack on Microsoft Exchange Server opened another chapter in the current global cybersecurity crisis in March 2021. According to Microsoft, only on-premises environments have been compromised; the online version of Exchange Server is not vulnerable. The Microsoft Threat Intelligence Center (MSTIC) attributes this attack to HAFNIUM, a group sponsored by the Chinese state.

This is the second massive cyberattack incident in less than four months. At the end of 2020, one of the most complex and longest-running attacks came to the fore; its initial target was the Orion platform, developed by SolarWinds. The invasions ended up compromising the systems of several U.S. state government agencies and private companies.

There is no evidence that the recent attack on Exchange Server is connected to the SolarWinds case. However, as the ancients would say, once bitten, twice shy. The concern is that delays in installing patches on vulnerable Exchange servers could wreak havoc similar to – or even worse than – that caused by the SolarWinds Orion platform vulnerability.

According to Bloomberg, the Biden administration is working with Microsoft on a public-private initiative to provide more agile responses to the recent cyber attacks involving the United States. The intention is to prevent hackers from gaining a firmer hold over critical IT systems. In addition, the U.S. government is working to determine the scope of these attacks. For its part, Microsoft is investigating whether hackers exploited the findings of the DEVCORE researchers, who were the first to warn about the Exchange Server vulnerabilities.

The first known report of this problem was made public on January 5 by a DEVCORE security researcher. Microsoft fixed the four flaws in Exchange Server only on March 2. On March 15, Microsoft released a one-click mitigation tool to help companies with no dedicated security or IT teams install the patches.

The vulnerabilities are described in a Microsoft Security Response Center (MSRC) blog post. To illustrate the scope of the attack, Microsoft used RiskIQ telemetry and identified almost 400,000 Exchange servers that were exposed as of March 1.

The US Government’s reaction

Just weeks after the disclosure of the SolarWinds case, the U.S. Senate and House passed the National Defense Authorization Act of 2021. With that, the White House now has a national cyber director confirmed by the Senate, according to Fortune. The new national cyber director will be responsible for developing a cyber strategy and will act as the point of reference for coordinating non-military responses in the event of disasters.

The public-private partnership is seen as essential, as 85% of U.S. critical infrastructure is owned or operated by private organizations. However, such importance is expected to be accompanied by responsibility. The Cyberspace Solarium Commission (CSC), a bipartisan intergovernmental body created to develop a consensus around a strategic approach to defending the United States against cyber attacks of significant consequence, suggested in a report published in 2020 that civil liability be imposed on final software, hardware and firmware developers for damages arising from incidents that exploit known and unpatched vulnerabilities.

Meanwhile…

Also in March, a group of hackers carried out a massive attack that exposed real-time and archived footage from Verkada surveillance cameras. Verkada is a security service provider whose cameras are connected to the Internet and to cloud platforms so that the video can be watched live from anywhere.

According to Verkada, the attack targeted a server used by the support team to perform bulk maintenance operations on customers' cameras. The intrusion began on March 7 and lasted until about midday on March 9, 2021. The attackers obtained credentials that allowed them to circumvent Verkada's authorization system, including two-factor authentication.

A hacker shared some of the videos with The Washington Post. According to the newspaper, more than 149,000 security cameras were breached, affecting about 24,000 organizations. The attack was first reported by Bloomberg News, which cited Tesla (including its assembly line in Shanghai), Cloudflare, schools, gyms, banks, health clinics and prisons as victims of the intrusion.

The global video surveillance market is expected to grow from US$ 45.5 billion in 2020 to US$ 74.6 billion in 2025, a 10.4% compound annual growth rate, according to a MarketsandMarkets report. The study notes that the factors driving this growth include public security concerns, the development of smart cities, and technological advances in Big Data, the Internet of Things (IoT), cloud services, artificial intelligence, and machine learning that enhance video surveillance systems.