Paper 1

2021 Microsoft Data Breach

Spencer Foulk

Old Dominion University

CYSE 300: Introduction to Cybersecurity

Professor Joe Kovacic

January 20, 2023

In 2021, Microsoft was hit with one of its largest data breaches to date. For a long time the company had stayed secure through continual code and security improvements, until this incident. The attack was not the work of a single group but of several advanced persistent threat groups. A few of the groups included “Hafnium, which is alleged by Microsoft to be a Chinese state-sponsored group, Tick (also known as Bronze Butler), Lucky Mouse (also known as APT27 and Emissary Panda), Calypso, the Winnti Group (also known as BARIUM and APT41), Tonto Team (also known as Cactus Pete), Mikroceen (also known as Vicious Panda), Websiic, DLTMiner, and at least one previously unknown group.” These groups have previously been identified in cyber espionage campaigns.

The vulnerability used to infiltrate Microsoft’s systems consisted of four recently discovered zero-day vulnerabilities that gave attackers access. A zero-day vulnerability is a computer-software vulnerability that was previously unknown to the parties responsible for mitigating it, such as the vendor of the affected software. Such a vulnerability remains exploitable until action is taken to patch it. The situation can fairly be compared to the iPhone jailbreaking scene, which mostly relies on a zero-day vulnerability to make a jailbreak untethered, allowing the user to run third-party software without needing a computer.

After the zero-day vulnerabilities were used to gain initial control, web shell backdoors were deployed. These web shells gave the attackers long-term access to the servers. Other capabilities of the web shells included running commands and uploading, deleting, and viewing files. Web shells were the most common tool in the attack, but post-compromise tools, ransomware, and cryptomining were also used to work further into the systems from the inside.
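The web shells described above are short server-side scripts that take a parameter from an incoming HTTP request and hand it to a command, code-evaluation or file API. That pairing is what a defender can hunt for. The following is an added example, not code from the paper or from Microsoft: a small Python scanner that walks a web root, flags script files that combine request input with such a sink, and notes whether each hit was modified recently. The file extensions, the regular expressions and the sample files it builds are assumptions made for this illustration; the constructed “suspicious” page is only ever read as text, never served.

```python
"""Web shell hunt over a web root (added example; assumptions noted inline)."""
import os
import re
import tempfile
import time

# Server-side script extensions to inspect under an IIS/ASP.NET style web
# root (assumption for this example).
SCRIPT_EXTENSIONS = (".aspx", ".ashx", ".asmx", ".php")

# Ways a script reads attacker-controlled request input.
INPUT_PATTERNS = [
    r"Request\s*\[",
    r"Request\.(Form|QueryString|Item|Params)",
    r"\$_(GET|POST|REQUEST)",
]

# Sinks that turn that input into a command, dynamic code, or a file write
# or delete, i.e. the capabilities the paper attributes to the web shells.
SINK_PATTERNS = [
    r"Process\.Start|ProcessStartInfo",
    r"\beval\s*\(",
    r"File\.(WriteAllText|WriteAllBytes|Delete)|SaveAs\s*\(",
    r"shell_exec|passthru|\bsystem\s*\(",
]


def classify_source(text):
    """Return the reasons a script looks like a web shell (empty if it does not).

    A file is flagged only when it both reads request input and feeds a
    dangerous sink; either on its own is common in legitimate pages.
    """
    inputs = [p for p in INPUT_PATTERNS if re.search(p, text)]
    sinks = [p for p in SINK_PATTERNS if re.search(p, text, re.IGNORECASE)]
    if inputs and sinks:
        return [f"input:{p}" for p in inputs] + [f"sink:{p}" for p in sinks]
    return []


def scan_tree(root, recent_seconds=7 * 24 * 3600, now=None):
    """Walk a web root; return {relative_path: {"reasons": [...], "recent": bool}}."""
    now = time.time() if now is None else now
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCRIPT_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                reasons = classify_source(fh.read())
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                recent = (now - os.path.getmtime(path)) < recent_seconds
                findings[rel] = {"reasons": reasons, "recent": recent}
    return findings


def build_sample_webroot():
    """Create a temporary web root with constructed sample pages.

    Two benign pages (one of which reads form input but only echoes it) and
    one constructed web-shell-like page. All three exist only as text files.
    """
    root = tempfile.mkdtemp(prefix="webroot_")
    samples = {
        "default.aspx": '<%@ Page Language="C#" %>\n<html><body>Hello</body></html>\n',
        "contact.aspx": '<%@ Page Language="C#" %>\n'
                        '<% Response.Write(Request.Form["name"]); %>\n',
        # Constructed sample: request input flows straight into a process sink.
        "uploads/tmp.aspx": '<%@ Page Language="C#" %>\n'
                            '<% System.Diagnostics.Process.Start("cmd.exe", Request["c"]); %>\n',
    }
    for rel, text in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return root


if __name__ == "__main__":
    webroot = build_sample_webroot()
    for rel, info in scan_tree(webroot).items():
        age = "recent" if info["recent"] else "old"
        print(f"{rel} [{age}]: {', '.join(info['reasons'])}")
```

Run as-is it reports only `uploads/tmp.aspx`; the page that reads `Request.Form` but only echoes it is not flagged. On a real server the recent-modification flag is the first thing to look at, since a script file appearing in a web root after the server was last deployed is exactly the artifact these backdoors leave behind.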

The vulnerabilities used in the attack served to infiltrate systems, temporarily remove access, install spyware, and support other malware-related techniques. The repercussions included more than five thousand servers in 115 countries with web shells installed on them, data exfiltrated from systems, and a ransom demand of over $50 million against the company Acer, also following data exfiltration. While this may look like a mostly spyware-related incident, with Acer bearing the brunt of it, the computers and systems connected to the affected servers also need to be considered. This is especially true since hackers “have exploited the vulnerabilities to spy on a wide range of targets, affecting an estimated 250,000 servers.”

While Microsoft did its best over the years to keep the company and its confidential information secure, there are a couple of precautions that have been taken since 2021 to eliminate, or at least reduce, the damage done to the Exchange server. For starters, the baseline defense that ships on every Windows computer, Microsoft Defender, should be receiving constant updates and patches. A second step is to reinforce and improve the existing code and the information gathered from the incident, although this task is time-consuming since it was a zero-day attack.

While it was impossible for Microsoft to see this coming, changes must be made to prevent it from happening a second or third time. Patches and updates to Microsoft’s Defender software are a starting point, but a review and rework of the code, while time-consuming, is necessary to make it harder for cyber criminals to break in.

References

“Microsoft Exchange Server Data Breach (2021)”, Darryl Chan, ccdcoe.org, published August 22, 2021 – https://cyberlaw.ccdcoe.org/wiki/Microsoft_Exchange_Server_data_breach_(2021)

“2021 Microsoft Exchange Server Data Breach”, wikipedia.org, published November 20, 2022 – https://en.wikipedia.org/wiki/2021_Microsoft_Exchange_Server_data_breach

“Best of 2021 – What We Can Learn from the 2021 Microsoft Data Breach”, ARIA Cybersecurity Solutions, securityboulevard.com, published December 31, 2021 – https://securityboulevard.com/2021/12/what-we-can-learn-from-the-2021-microsoft-data-breach/
