Global | Publication | March 2021
The Hafnium exploit of on-premises Microsoft Exchange Servers is a global cybersecurity event requiring organisations to appropriately patch and examine potentially affected systems. Board members and their advisers should:
Whilst relatively few organisations appear to have been victims of malicious exploitation activity, where an organisation uses the impacted systems it remains necessary to investigate the impact of the event and to report to and inform stakeholders. It is critical that vulnerable systems are remediated, as attackers are using such systems as a jumping-off point to deploy ransomware.
Since late February 2021, evidence has been emerging of on-premises versions of Microsoft Exchange Servers having a series of vulnerabilities which have, in some instances, been exploited by one or more threat actor groups operating out of China.
The threat actors were able to utilize vulnerabilities to intercept email communications on these systems and in some cases stole whole mailboxes. An important point to note is that the threat actors that exploit these vulnerabilities are potentially able to obtain administrator privileges on the systems. This can significantly complicate any detection, containment or remediation efforts as the threat actors have the same system rights and capabilities as the IT experts trying to solve the problem.
Evidence has also been found of threat actors deploying additional tools with a view to, among other things, moving outside the Exchange systems into other systems (“moving laterally”), maintaining persistence, harvesting credentials and carrying out system reconnaissance.
Industries such as health, law, defence and education appear to be particularly affected, as well as municipalities and local government. According to figures released, over 31,000 US, 11,000 UK and 7,000 Australian organisations are affected to some extent.
The vulnerabilities were reported to Microsoft in January 2021. However, it appears servers were initially exploited in late 2020. Microsoft attempted to resolve the issue by releasing patches – while these address the vulnerabilities themselves, they of course will not address any exploitation activity which might already have taken place using the additional tools described above.
In the week commencing March 15, cyber threat intelligence reports have indicated the rise of a new ransomware variant called “DearCry”. The DearCry ransomware threat actors appear to be unrelated to the threat actors that have been previously known to be exploiting the Exchange vulnerabilities, and are opportunistically exploiting the original vulnerabilities that have been made public.
The attack is being referred to as a 'zero-day exploit'. The original threat actors were able to find vulnerabilities in the on-premises Microsoft Exchange server of which Microsoft was not previously aware. Now it appears that multiple threat actors are taking advantage of those vulnerabilities for their own purposes.
Lawyers and Risk Officers should ensure that their organisation and responsible officers urgently take the following steps:
Whilst believed to be predominantly affecting US entities, the vulnerabilities are widespread and a range of threat actors have begun to exploit them now that they are publicly known. Companies and government entities should take note of the consequences that boards may face due to inadequate preparation, detection, response and remediation.
All organisations have obligations relating to the protection of crown jewel assets such as intellectual property, of assets regulated by corporate or securities laws such as financial records and stock market related disclosures, and of privacy and the security of personal information. Understanding whether your organisation utilises the affected systems, ensuring that patching and forensic examination are undertaken, and investigating any potential breaches or exfiltration of information are prudent courses of action.