The Microsoft Hack: Biden Moves to Tackle “Unusually Aggressive” Attacks

In a concerningly aggressive attack that has targeted Microsoft customers all over the globe, hackers were recently able to access the email accounts of a staggering 30,000 organizations in the United States alone. Now, the Biden administration is taking steps to address this attack and limit the damage that it is able to cause by launching an emergency task force designed to determine who has been breached, what the purpose of the attack was, and how to best patch the vulnerabilities that made the breach possible.

In a press briefing, White House press secretary Jan Psaki said that the breach represents “a significant vulnerability that could have far-reaching impacts”. She went on to say, “First and foremost, this is an active threat. We are concerned that there are a large number of victims and are working with our partners to understand the scope of this.”

The Cybersecurity and Infrastructure Security Agency (Cisa), meanwhile, has encouraged all organizations that make use of Microsoft Exchange to scan their devices for potential vulnerabilities. In a statement, however, Microsoft said that it has seen “no evidence that the actor behind [the attack] discovered or exploited any vulnerability in Microsoft products and services”.

Whatever the cause may be, fixing the damage that this breach has caused for thousands of organizations across the country is likely to be an uphill battle. This attack comes just months after the infamous SolarWinds breach – an attack attributed to Russia that breached around 100 US companies and 9 federal agencies. The SolarWinds attack was concerning enough to trigger a congressional hearing. Now, though, with the investigation into the SolarWinds attack still ongoing, the resources required to remediate this latest Microsoft hack will be stretched thin.

With the frequency of serious cyberattacks such as this continuing to rise and with more and more organizations becoming increasingly reliant on their technology in the age of remote working, this latest breach serves as a timely reminder for companies to review their cybersecurity policies and ensure that all of the right defenses to protect against such breaches are in place.

Note: The Knowledge Group continuously produces webcasts on this topic and other hot-button issues relating to Cybersecurity & Privacy Law to keep you ahead of the curve.