Pierluigi Paganini February 23, 2013

When Apple revealed the hack to Reuters press agency I wrote that the last big enterprise not yet hacked was Microsoft, anticipating that was question of time.

The last events have revealed how much vulnerable also major companies to cyber attacks, Facebook, Twitter and principal Press agencies such as NYT dedicate large investment to cyber security of their networks, effort that seems not enough to protect them from frequent cyber espionage campaign.

I consider it a war, every day billions of dollars are lost due cyber attacks, in majority of case never revealed, or worst ne never detected, and small business it the sector that most suffer the offensives.

The day is come .. last Friday, Microsoft posted a public statement on Microsoft Security Response Center revealing that it has also suffered the attacks of unknown hackers.

“As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion. Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing.” 

Microsoft reports that a “small number of computers” has been compromised including some Mac machine, in a similar manner to attacks relating to other major IT companies also in this case was used a malware to compromise the PCs.

The advisor doesn’t reveals information on the nature of vulnerability exploited but it is likely that also in this case Java browser plug-in vulnerability represented the access key.

It is high likely that the victims have simple visited a compromised web site, the attackers through a drive-by download mechanism have infected the targeted machines.

What is singular is that every company compromised declared that the number of machine compromised was limited and that no user data was exposed, it is clear that these firms are facing with a wide cyber espionage campaign that is targeting the most important IT enterprises to steal sensitive information. The fact that no data has been exposed is the proof that behind these attacks there is a well-structured group, in my opinion a state-sponsored group of professionals, that is gathering information on targets and data acquired will be used also in future offensives.

Security community is paying the consequence related to a cyber espionage campaign planned and executed over last years that exploits principal vulnerabilities detected in large consume products, probably assuming an active role in the research of the dangerous flaws.

The must is to keep up to date every systems and disable every browser plugin if it is not necessary,  at same time instruct personnel on principal cyber threats and how to avoid them and finally establish efficient and responsive patch management process and incident response procedures.

Last suggestion is to make treasure from data breaches, sharing every information on the attacks with security community, law enforcement and intelligence agencies … let’s avoid that similar incidents will involve small business companies that has few defense and resources to prevent catastrophic damage to their business.

Pierluigi Paganini