Alarms Sound on "Cyberwar" Escalation


By: Mary Jander


The world’s leading technology firms and the enterprises that depend on them are under continual attack, leading to a crisis in cybersecurity. And it's not clear whether the measures they're taking will be sufficient to forestall future disasters.

“We are in a cyberwar,” Hadi Partovi, founder and CEO of Code.org, a nonprofit group that promotes tech education, told the Washington Post at last week’s White House cybersecurity summit. “Nobody’s declared war, but attacks are happening every day.”

Microsoft Faces "ChaosDB"

The situation was evident even during last week’s event. While CEO Satya Nadella of Microsoft (Nasdaq: MSFT) was in Washington pledging to invest $20 billion over the next five years in cybersecurity improvements, analysts at security research firm Wiz were revealing a major flaw in Microsoft Azure’s Cosmos DB database service that compromised thousands of enterprise customers.

“[A] series of flaws in a Cosmos DB feature created a loophole allowing any user to download, delete or manipulate a massive collection of commercial databases, as well as read/write access to the underlying architecture of Cosmos DB,” stated Nir Ohfeld and Sagi Tzadik, Wiz security researchers, in their blog post. The source of the problem was a feature called Jupyter Notebook, which has since been disabled. But even though Microsoft hasn’t found any evidence that data was stolen, the researchers warn that the fallout of what they term ChaosDB remains to be seen. “[W]e believe many more Cosmos DB customers may be at risk. The vulnerability has been exploitable for at least several months, possibly years,” they said.

The flaw is the latest in a series of security mishaps to plague Microsoft. In January 2021, Redmond revealed that its source code repositories were affected by the notorious SolarWinds hack. Following that, 30,000 organizations reportedly were hacked through email flaws in Microsoft Exchange Server.

Other Enormous Attacks Draw Concern

Microsoft is just one of several tech providers to be hacked recently. Last week, CEO Mike Sievert of T-Mobile US (Nasdaq: TMUS) apologized in an announcement on the company’s news page for the latest in a series of data breaches. This one exposed the personal information of at least 47 million customers.

“Knowing that we failed to prevent this exposure is one of the hardest parts of this event. On behalf of everyone at Team Magenta, I want to say we are truly sorry,” Sievert wrote. T-Mobile has hired cybersecurity firm Mandiant (which is in the process of spinning off former parent FireEye in a $1.2 billion sale to private equity company Symphony Technology Group) and consulting firm KPMG LLP to help solve its security issues. Notably, Mandiant is also deployed as a provider to Microsoft.

On another front, ransomware gang LockBit announced that it has gained access to over 100 Gbytes of compressed data about passengers on Bangkok Airways. Information includes names, contact information, passport information, and credit card data. And while LockBit didn’t say how it had gotten the airline’s information, the group has been known to leverage vulnerabilities in products from Fortinet (Nasdaq: FTNT) to access customer information.

This is just one of many examples of an epidemic of ransomware that exploits a range of technological weaknesses, not just in networking gear but in Internet of Things (IoT) sensors and other edge devices. The results can be dire, particularly for hospitals and other verticals whose networks support life-sustaining applications.

Other Vulnerabilities

Vulnerabilities in specific devices aren’t the only sources of cyber attacks. Cloudflare has reported that in July 2021 it stopped the largest distributed denial of service (DDoS) attack it had ever seen. In a blog post on August 19, Omer Yoachimik, product manager of Cloudflare’s DDoS protection service, gave a detailed account of how a massive and coordinated attack hammered a financial services customer of Cloudflare with 17.2 million requests per second (rps) – triple the size of other known botnet DDoS attacks.

“The attack traffic originated from more than 20,000 bots in 125 countries around the world,” Yoachimik stated. And it didn’t stop at the financial customer. “This specific botnet … has been seen at least twice over the past few weeks. Just last week it also targeted a different Cloudflare customer, a hosting provider, with an HTTP DDoS attack that peaked just below 8 million rps,” stated Yoachimik. Thankfully, Cloudflare was able to mitigate the attacks.

Fighting Back

While cybersecurity threats mount, so do initiatives to fight them. Biden’s cybersecurity summit is a case in point. While encouraging tech firms to strengthen their defenses, the meeting also indicated that the government intends to crack down harder on security missteps by possibly adding laws to the roster of compliance regulations that already bind U.S. firms. Further, the inclusion of insurance companies on the president's guest list last week highlights the administration’s expectation that companies will be required to comply with specific guidelines in order to stay insured.

Still, meeting the challenge requires more than mending specific flaws or hiring consultants. Threats are simply too numerous and varied to be stopped by just one product or method. Instead, architectural approaches such as zero trust network access (ZTNA) and secure access service edge (SASE) must be central to the escalation of cyber defenses. Companies lagging in adopting these measures can only anticipate trouble as the cyberwar rages on.