Show an ad over header. AMP

Cyber war scales up with new Microsoft hack

Last week's revelation of a new cyberattack on thousands of small businesses and organizations, on top of last year's SolarWinds hack, shows we've entered a new era of mass-scale cyber war.

Why it matters: In a world that's dependent on interlocking digital systems, there's no escaping today's cyber conflicts. We're all potential victims even if we're not participants.


The big picture: Until recently, sophisticated, state-backed hacks were typically aimed at narrow targets. Now, harm from the new nation-state cyber-fights is regularly spilling over to unprecedented numbers of companies, organizations and individuals. 

  • The SolarWinds attack that surfaced late last year, widely attributed to a Russian government-backed group, compromised networks at the Treasury, State, Defense and Commerce departments along with as many as 18,000 companies and institutions and left a long tail of dangerous uncertainties in its wake.
  • The new incident — targeting flaws in Microsoft's Exchange Server, widely used by small and medium-sized companies and organizations — affected 30,000 U.S. Exchange customers and many more around the world, according to Brian Krebs of Krebs on Security. Microsoft pinned the attack on a new group it dubbed Hafnium that it tied to the Chinese government.

What they're saying: Experts exhausted their supply of adjectives in assessing the Exchange incident's scope.

  • "This is a crazy huge hack," tweeted Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency.
  • The number of victims was "astronomical" and "China just owned the world," one researcher told Wired's Andy Greenberg.

Details: Microsoft issued a patch last week that customers have been scrambling to install. The patch will prevent further intrusions, but won't close up back doors previously installed by the hackers.

  • That means a lot of Exchange shops are going to be waiting for another shoe to drop, and their security teams are going to be working overtime to prevent that.

Catch up quick: Hacks of yore regularly affected vast numbers of systems — from 1999's Melissa virus, passed along by infected Microsoft Word documents in email attachments, to 2017's Wannacry ransomware epidemic.

  • These attacks sometimes, as with Wannacry, made use of government-developed tools and techniques that had leaked into the wild. But they almost always were the work of petty criminals or hobbyists.
  • When governments sponsored attacks, they chose their targets with more precision — at least, that's been the assumption until now.

Our thought bubble: Cyber conflict's trajectory from a contained, specialized arena toward one that touches lives around the planet mirrors the one that Western warfare itself has followed in recent centuries.

  • Professional armies fought small-scale conflicts in the 18th century. But then revolutionary France conscripted a broad swath of the public, William T. Sherman brought war home to the plantations of the American South, and by the 20th century military activities became impossible to confine to some defined battlefield.
  • The same progression is taking place on today's fields of online conflict. Governments increasingly pursue their ends not with surgical pinpoint attacks but instead with broadly disruptive digital campaigns that can include everything from theft and ransom to sabotage and shutdowns.

Yes, but: The fog of cyber war means that it's always hard to be 100 percent certain who to blame for a particular attack.

  • Some experts suspect, per Reuters, that the state-backed Chinese group that started the Exchange attack may have later been joined by other groups.

In the case of SolarWinds, U.S. victims and authorities didn't pick up on the intrusions until long after they'd happened. The Exchange break-in was caught earlier, providing some hope for better containing its damage. But as with SolarWinds, its impact is likely to unfold slowly over time and in shadows.

The Biden White House, already weighing sanctions or counterattacks as retaliation for Russia's involvement in SolarWinds, now faces a similar choice with China.

  • For a response to be effective or credible as a deterrent, it doesn't matter whether we hear about it — what counts is for the adversary to see and know what the U.S. can do.

The bottom line: Cybersecurity analysts emphasize that, in this latest hack as in so many others, we may never know exactly who is to blame, who was targeted, and who got caught in the crossfire.

"Nine minutes and 29 seconds": Prosecutors begin closing arguments in Chauvin trial

Steve Schleicher, an attorney for the prosecution in Derek Chauvin's trial, began closing arguments on Monday by describing in detail George Floyd's last moments — crying out for help and surrounded by strangers, as Chauvin pressed his knee into Floyd for nine minutes and 29 seconds.

Why it matters: The jury's verdict in Chauvin's murder trial, seen by advocates as one of the most crucial civil rights cases in decades, will reverberate across the country and have major implications in the fight for racial justice.

Keep reading... Show less

European soccer goes to war over wealthy clubs' plans for exclusive "Super League"

Europe's biggest soccer clubs have established The Super League, a new midweek tournament that would compete with — and threaten the very existence of — the Champions League.

Why it matters: This new league, set to start in 2023, "would bring about the most significant restructuring of elite European soccer since the 1950s, and could herald the largest transfer of wealth to a small set of teams in modern sports history," writes NYT's Tariq Panja.

Keep reading... Show less

81% of S&P 500 companies have reported a positive earnings surprise for Q1

First-quarter earnings so far have been very strong, outpacing even the rosy expectations from Wall Street and that's a trend that's expected to continue for all of 2021. S&P 500 companies are on pace for one of the best quarters of positive earnings surprises on record, according to FactSet.

Why it matters: The results show that not only has the earnings recession ended for U.S. companies, but firms are performing better than expected and the economy may be justifying all the hype.

Keep reading... Show less

NASA's Mars helicopter takes flight as first aircraft piloted on another planet

NASA successfully piloted the Ingenuity Mars helicopter for its first experimental flight on Monday, briefly hopping the aircraft as NASA's Perseverance rover collected data.

Why it matters: Ingenuity's short flight marks the first time a human-built aircraft has flown on a world other than Earth, opening the door to new means of exploring planets far from our own.

Keep reading... Show less

All U.S. adults now eligible for COVID-19 vaccine, meeting Biden's April 19 deadline

All 50 U.S. states, plus Washington, D.C. and Puerto Rico, have now made U.S. adults over the age of 16 eligible for COVID-19 vaccines, meeting President Biden's April 19 deadline.

Why it matters: The landmark speaks to the increased pace of the national vaccination campaign, but will increase pressure on the federal government, states and pharmaceutical companies to provide adequate vaccine supply and logistics.

Keep reading... Show less

Minneapolis braces for a verdict in the Derek Chauvin trial

Minneapolis is waking up to images of an occupied city on Monday, as the city and the world await a verdict in the Derek Chauvin trial.

What it's like: Residents running errands, picking up dinner and heading to the dog park in recent days encountered heavily-armed National Guard troops stationed throughout the city.

Keep reading... Show less

Russian authorities say jailed opposition leader Navalny has been transferred to hospital

Russian opposition leader Alexei Navalny has been hospitalized, one day after his doctor warned that the jailed Putin critic "could die at any moment," Russia's prison service said Monday.

Why it matters: News that Navalny's condition had severely deteriorated on the third week of a hunger strike prompted outrage from his supporters and international demands for Russia to provide him with immediate medical treatment.

Keep reading... Show less

The state worst hit by the pandemic

Data: Hamilton Place Strategies; Chart: Will Chase/Axios

When the coronavirus pandemic hit, the job facing governments was to save lives and save jobs. Very few states did well on both measures, while New York, almost uniquely, did particularly badly on both.

Why it matters: The jury is still out on whether there was a trade-off between the dual imperatives; a new analysis from Hamilton Place Strategies shows no clear correlation between the two.

Keep reading... Show less

Insights

mail-copy

Get Goodhumans in your inbox

Most Read

More Stories