Publication
Government Investigations in Singapore 2025
We have contributed the Singapore chapter of Getting the Deal Through, Government Investigations 2025.
Global | Publication | March 2021
The Hafnium exploit of on-premises Microsoft Exchange Servers is a global cybersecurity event requiring organisations to appropriately patch and examine potentially affected systems. Board members and their advisers should:
Whilst relatively few organisations appear to have been a victim of malicious exploitation activity, it remains necessary to investigate, report to and inform stakeholders of the impact of the event where organisations use the impacted systems. It is critical that vulnerable systems are remediated as attackers are utilizing such systems as a jumping point to deploy ransomware.
Since late February 2021, evidence has been emerging of on-premises versions of Microsoft Exchange Servers having a series of vulnerabilities which have, in some instances, been exploited by one or more threat actor groups operating out of China.
The threat actors were able to utilize vulnerabilities to intercept email communications on these systems and in some cases stole whole mailboxes. An important point to note is that the threat actors that exploit these vulnerabilities are potentially able to obtain administrator privileges on the systems. This can significantly complicate any detection, containment or remediation efforts as the threat actors have the same system rights and capabilities as the IT experts trying to solve the problem.
Evidence has also been found of threat actors deploying additional tools with a view to, among other things, moving outside the Exchange systems into other systems (“moving laterally”), maintaining persistence, harvesting credentials and carrying out system reconnaissance.
Industries such as health, law, defence and education appear to be particularly affected, as well as municipalities and local government. According to figures released, over 31,000 US, 11,000 UK and 7,000 Australian organisations are affected to some extent.
The vulnerabilities were reported to Microsoft in January 2021. However it appears servers were initially exploited in late 2020. Microsoft attempted to resolve the issue by releasing patches – while these address the vulnerabilities themselves, they of course will not address any exploitation activity which might have taken place using additional tools as described above.
In the week commencing March 15, cyber threat intelligence reports have indicated the rise of a new ransomware variant called “DearCry”. The DearCry ransomware threat actors appear to be unrelated to the threat actors that have been previously known to be exploiting the Exchange vulnerabilities, and are opportunistically exploiting the original vulnerabilities that have been made public.
The attack is being referred to as a 'zero-day exploit'. The original threat actors were able to find vulnerabilities in the on-premises Microsoft Exchange server of which Microsoft was not previously aware. Now it appears that multiple threat actors are taking advantage of those vulnerabilities for their own purposes.
Lawyers and Risk Officers should ensure that their organisation and responsible officers urgently take the following steps:
Whilst believed to be predominantly affecting US entities, the vulnerabilities are widespread and a range of threat have begun to exploit the vulnerabilities now that they are known. Companies and government entities should take note of the consequences that boards may face due to inadequate preparation, detection, response and remediation.
All organisations have obligations relating to both the protection of crown jewel assets such as intellectual property, assets regulated by corporate or securities laws such as financial records and stock market related disclosures along with privacy and the security of personal information. Understanding whether your organisation utilises the affected systems, ensuring that patching and forensic examination is undertaken and any potential breaches or exfiltration of information is investigated are prudent courses of action.
Publication
We have contributed the Singapore chapter of Getting the Deal Through, Government Investigations 2025.
Publication
The private credit market and direct lending have grown and diversified immensely in the past decade, offering alternative sources and terms of debt compared to those historically provided by the syndicated leveraged loan and public issuance markets. Consequently, they are fast becoming pivotal components in the capital ecosystem, so much so that the Bank of England consider that the private credit market is currently responsible for approximately $1.8 trillion of debt issuance, which is four times its size in 2015. This growth has been particularly pronounced in Europe and the US but there has also been significant activity in Asia.
Publication
The EU’s Artificial Intelligence Regulation, commonly referred to as the AI Act, is expected to come into force during the summer of 2024 (the AI Act). The AI Act will be the first comprehensive legal framework for the use and development of artificial intelligence (AI), and is intended to ensure that AI systems developed and used in the EU are safe, transparent, traceable, non-discriminatory and environmentally friendly.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023