April 23, 2021

Amid SolarWinds and MS Exchange Attacks, Encryption is Key

There were plenty of reasons to rejoice in 2020’s end: It was the year of companies scrambling to keep security programs on the rails as the pandemic pushed them to remote operations. 

Hackers working for the Chinese government targeted companies working on coronavirus vaccines in an effort to steal research. 

Then came revelations of what is likely the biggest cyberattack in history, with Russian hackers targeting government agencies and Fortune 500 companies through their use of vulnerable SolarWinds software.

Now comes 2021, asking 2020 to hold its beer.

The more investigators review the hijacking of SolarWinds technology, the worse it gets. And Microsoft -- itself a SolarWinds attack victim -- is struggling to protect its vast user base from an aggressive Chinese cyber espionage unit determined to steal sensitive email from users of vulnerable Microsoft Exchange installations. At last check, at least 30,000 organizations across the U.S. had been hacked via four security holes in their Exchange Server software.

These events -- along with the ongoing risks posed by third-party access to your data -- illustrate how critical it is for organizations to have strong data classification and encryption technology. This article breaks down the threats, how data classification and encryption come into play, and how Atakama can help.

SolarWinds and MS Exchange attacks

Those behind the recent attacks have one overriding goal: Find and steal the most sensitive types of data in the public and private sectors, and learn how data flows in these organizations so they can come back later and steal more.

In the case of SolarWinds, the full extent of the damage is still unclear. By early February, the US government had identified 9 federal agencies and about 100 private-sector companies that had been compromised. Deputy National Security Advisor Anne Neuberger said the hack was “likely of Russian origin,” but that hackers launched their attack from inside the US.

Microsoft Corp President Brad Smith called it “the largest and most sophisticated attack the world has ever seen.”

He suspected that the breach could have compromised up to 18,000 SolarWinds customers that used the company’s Orion network monitoring software, and likely relied on hundreds of engineers. “When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000,” Smith said during an interview with 60 Minutes in February.

Just a couple weeks after that interview, Microsoft disclosed that four zero-day exploits in Microsoft’s Exchange Server software may have led to the email of more than 30,000 US governmental and commercial organizations being hacked. Wired reported “tens of thousands of email servers” hacked. 

Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 in early March. The software giant said the Exchange flaws were targeted by a Chinese hacking unit Microsoft identified as “Hafnium.” 

Security journalist Brian Krebs reported that the unit had conducted targeted attacks on email systems used by a range of industry sectors, including infectious disease researchers, law firms, institutions of higher education, defense contractors, policy think tanks, and NGOs.

Importance of data classification and encryption 

Data discovery, classification and encryption remain critical tools to protect data from these types of attacks. 

Even before the SolarWinds and MS Exchange attacks came to light, research firm MarketsandMarkets predicted that the global sensitive data discovery market would grow from $5.1 billion in 2020 to $12.4 billion by 2026 at a Compound Annual Growth Rate of 16 percent.

At the time, the firm cited, among other things, the growing need to discover sensitive structured and unstructured data, increasing investments in data privacy with evolving regulations, and the rise in remote workers accessing sensitive data amid the pandemic.

These technologies have also been cited as a powerful defense against ransomware attacks in which the bad guys exfiltrate and leak the data they’re holding hostage.

Using Atakama to mitigate these attacks

As the SolarWinds and MS Exchange attacks continue to illustrate the importance of data classification and encryption, Atakama can serve as a last layer of defense, offering protection at the object level even when an adversary has breached other security measures. 

We provide that layer of defense via:

  1. File-level encryption: Each file gets its own unique 256-bit AES key.
  2. Distributed key management: By splitting keys across physical devices, there is no central point of attack or failure.
  3. Client-side encryption: Only the encrypted version of the file is synced to the backend storage location, whether on-prem or in the cloud.

Our Approach

The average security team understands by now that a common way to protect sensitive data is to restrict access to only the specific individuals that require it. Rights management or encryption tools define groups based on their department, role, location or something like security clearance. 

Traditional encryption solutions depend heavily on identity and access management controls. Login credentials, which allow authorized users to access encrypted data, represent a single point of failure. 

Atakama enables the encryption of files at a granular level without reliance on usernames and passwords. 

Atakama encrypts at the file level, with each file receiving its own unique 256-bit AES key. Each key is then fragmented into “shards,” with the shards distributed across physically separate devices, including, but not limited to, users’ workstations and their smartphones. The single point of failure has been removed and the data remains accessible only by those individuals or groups it is intended for. And Atakama accomplishes all of this without disrupting existing workflows or creating user friction.
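The per-file key and shard idea described above, as an added example that is not Atakama's code (the page does not show any). The n-of-n XOR split, the check value stored with the file, and the device and file names are assumptions made for illustration; the page does not say which splitting scheme the product uses.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes: one 256-bit AES key per file

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def new_file_key():
    """Fresh random key for one file; never shared between files."""
    return secrets.token_bytes(KEY_LEN)

def key_check(key):
    """Check value kept with the file (assumption) to detect a bad rebuild."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()

def split_key(key, devices):
    """n-of-n XOR split (assumed scheme): every shard is needed to rebuild."""
    if len(devices) < 2 or len(set(devices)) != len(devices):
        raise ValueError("need two or more distinct devices")
    shards = [secrets.token_bytes(len(key)) for _ in devices[:-1]]
    last = key
    for shard in shards:
        last = xor_bytes(last, shard)  # last = key XOR all random shards
    return dict(zip(devices, shards + [last]))

def recombine(shards, check):
    """Return the key, or None if a shard is missing or altered."""
    key = bytes(KEY_LEN)
    for shard in shards.values():
        key = xor_bytes(key, shard)
    return key if hmac.compare_digest(key_check(key), check) else None

def demo():
    """Per file: (all shards rebuild the key, one shard alone does not)."""
    out = {}
    for name in ("report.docx", "payroll.xlsx"):  # constructed file names
        key, devices = new_file_key(), ["workstation", "smartphone"]
        shards = split_key(key, devices)
        stolen = {"workstation": shards["workstation"]}  # one device only
        check = key_check(key)
        out[name] = (recombine(shards, check) == key,
                     recombine(stolen, check) is None)
    return out
```

With this split, a single shard is a uniformly random string on its own, so holding one device's shard gives no information about the file key.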

Atakama can also seamlessly integrate with leading data classification tools, thereby helping organizations stay ahead of shifts in the modern threat landscape by delivering solutions that focus directly on the data without reliance on an increasingly porous perimeter.

Compatibility and Outreach

Atakama is compatible with on-prem networks and cloud storage solutions including Box, Dropbox, Google Drive and OneDrive.

Request a live demo with one of our success engineers to see how Atakama can protect you from exfiltrative extortive ransomware and the threats posed by the SolarWinds and MS Exchange attacks.
