What is the Hafnium email attack?
Last week, we detailed how the latest in a series of escalating cyberespionage events has come to light, this time involving a hack on Microsoft’s Exchange email software.
The attacker, which Microsoft is calling Hafnium, exploits flaws and stolen passwords to steal data from the networks of targets - with thousands potentially affected. Microsoft not only said that the attackers were state-sponsored, but explicitly named the culprit: China. This places the attack in the broader context of escalating cyberwarfare between nation states.
The race to fix the exploit
Microsoft’s response was to issue a patch and the information it had collected on the exploit, yesterday releasing data on “malware hashes and known malicious file paths” that had been observed in the attacks.
Microsoft’s Tom Burt, Corporate Vice President, Customer Security & Trust, said last week: "Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today’s patches is the best protection against this attack."
White House National Security Advisor Jake Sullivan duly responded: “We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities. We encourage network owners to patch ASAP”.
The cyber cold war heats up
The attack comes not so very long after the last such incident in December of last year, when the likes of the US federal government, Microsoft, SolarWinds and VMware all fell prey to a huge state-sponsored cyber attack. The attack involved a vulnerability in SolarWinds’ Orion platform as well as stolen assessment tools from FireEye, with suspicion ultimately falling on Russia.
Fastly's CDN Reportedly to Blame for Global Internet Outage
A huge outage has brought down a number of major websites around the world. Among those affected are gov.uk, Hulu, PayPal, Vimeo, and news outlets such as CNN, The Guardian, The New York Times, BBC, and Financial Times.
It is thought a glitch at Fastly - a popular CDN provider - is causing the worldwide issue. Fastly has confirmed on its status website that it is facing an outage but has not specified a reason for the fault, only that the problem isn’t limited to a single data centre and is instead a “global CDN disruption” that is potentially affecting the company’s global network.
“We’re currently investigating potential impact to performance with our CDN services,” the firm said.
What is Fastly?
Fastly is a content delivery network (CDN) company that helps users view digital content more quickly. The company also provides security, video delivery, and so-called edge computing services. They use strategically distributed, highly performant POPs to help move data and applications closer to users and deliver up-to-date content quickly.
The firm has been proving increasingly popular among leading media websites. After going public on the New York Stock Exchange in 2019, shares rose exponentially in price, but after today’s outages Fastly’s value has taken a sharp 5.21% fall, with shares currently trading at US$48.06.
What are CDNs?
Content delivery networks (CDNs) are a web of small computers, or servers, that link together to collaborate as a single computer. CDNs improve the performance of internet-connected devices by placing these servers as close as possible to the people using those devices in different locations, creating hundreds of points of presence, otherwise known as POPs.
They help minimise delays in loading web page content by reducing the physical distance between the server and the user. This helps users around the world view the same high-quality content without slow loading times.
Without a CDN, content origin servers must respond to every single end-user request. This results in significant traffic to the origin and subsequent load, thereby increasing the chances for origin failure if the traffic spikes are exceedingly high or if the load is persistent.
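The two paragraphs above describe why an edge cache keeps origin load down and why an origin fails when it must answer every request itself. The following is an added illustration, not code from the article or from Fastly: a toy model with a capacity-limited origin, a few caching points of presence, and constructed traffic, run once with the CDN layer in place and once with it unavailable (the origin capacity, TTL and traffic shape are all assumed values).

```python
from collections import defaultdict

class Origin:
    """Origin server that can answer only `capacity` requests per second (assumed limit)."""
    def __init__(self, capacity_per_second):
        self.capacity = capacity_per_second
        self.per_second = defaultdict(int)   # second -> requests received
        self.total = 0
        self.failed = 0

    def fetch(self, path, second):
        self.total += 1
        self.per_second[second] += 1
        if self.per_second[second] > self.capacity:
            self.failed += 1                 # overloaded: request dropped
            return None
        return f"body-of-{path}"

class EdgePop:
    """One point of presence (POP): caches origin responses for `ttl` seconds."""
    def __init__(self, origin, ttl):
        self.origin, self.ttl, self.cache = origin, ttl, {}

    def get(self, path, second):
        body, expires = self.cache.get(path, (None, -1))
        if expires > second:
            return body                      # cache hit: origin never sees this request
        body = self.origin.fetch(path, second)
        if body is not None:
            self.cache[path] = (body, second + self.ttl)
        return body

def simulate(requests, origin_capacity, ttl, pop_count, cdn_up=True):
    """requests: list of (second, path). Returns a summary of who served what."""
    origin = Origin(origin_capacity)
    pops = [EdgePop(origin, ttl) for _ in range(pop_count)]
    served = 0
    for i, (second, path) in enumerate(requests):
        if cdn_up:
            body = pops[i % pop_count].get(path, second)   # user routed to a nearby POP
        else:
            body = origin.fetch(path, second)              # CDN down: every request hits origin
        served += body is not None
    return {"served": served, "origin_requests": origin.total, "origin_failed": origin.failed}

# Constructed traffic: 10 seconds of 200 requests/s spread over 5 popular pages.
TRAFFIC = [(sec, f"/page{n % 5}") for sec in range(10) for n in range(200)]
```

With the CDN up, the origin answers only the 20 cache-fill requests (one per page per POP) and every user is served; with the CDN down, the same traffic sends all 2000 requests to an origin that can handle 50 per second, so 1500 of them fail.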
The Risk of CDNs
Over time, developers have attempted to protect users from the dangers of overreliance on a single provider through the implementation of load balancing, DDoS (Distributed Denial of Service) protection, web application firewalls, and a myriad of other security features.
As today’s major website outage shows, these measures aren’t enough. Evidently, CDNs present a risk factor that is widely underestimated, and this needs to be rectified with haste. Content delivery networks have become a key part of the global infrastructure, so it is imperative that organisations start to figure out risk mitigation strategies to protect companies reliant on the interconnected service from further disruption and disarray.