Global | Publication | March 2021
The Hafnium exploit of on-premises Microsoft Exchange Servers is a global cybersecurity event requiring organisations to appropriately patch and examine potentially affected systems. Board members and their advisers should:
Whilst relatively few organisations appear to have been victims of malicious exploitation activity, it remains necessary, where organisations use the impacted systems, to investigate the impact of the event and to report to and inform stakeholders of it. It is critical that vulnerable systems are remediated, as attackers are utilizing such systems as a jumping-off point to deploy ransomware.
Since late February 2021, evidence has been emerging of on-premises versions of Microsoft Exchange Servers having a series of vulnerabilities which have, in some instances, been exploited by one or more threat actor groups operating out of China.
The threat actors were able to utilize vulnerabilities to intercept email communications on these systems and in some cases stole whole mailboxes. An important point to note is that the threat actors that exploit these vulnerabilities are potentially able to obtain administrator privileges on the systems. This can significantly complicate any detection, containment or remediation efforts as the threat actors have the same system rights and capabilities as the IT experts trying to solve the problem.
Evidence has also been found of threat actors deploying additional tools with a view to, among other things, moving outside the Exchange systems into other systems (“moving laterally”), maintaining persistence, harvesting credentials and carrying out system reconnaissance.
Industries such as health, law, defence and education appear to be particularly affected, as well as municipalities and local government. According to figures released, over 31,000 US, 11,000 UK and 7,000 Australian organisations are affected to some extent.
The vulnerabilities were reported to Microsoft in January 2021. However, it appears servers were initially exploited in late 2020. Microsoft attempted to resolve the issue by releasing patches. While these address the vulnerabilities themselves, they will not address any exploitation activity which might have taken place using additional tools as described above.
In the week commencing March 15, cyber threat intelligence reports have indicated the rise of a new ransomware variant called “DearCry”. The DearCry ransomware threat actors appear to be unrelated to the threat actors that have been previously known to be exploiting the Exchange vulnerabilities, and are opportunistically exploiting the original vulnerabilities that have been made public.
The attack is being referred to as a 'zero-day exploit'. The original threat actors were able to find vulnerabilities in the on-premises Microsoft Exchange server of which Microsoft was not previously aware. Now it appears that multiple threat actors are taking advantage of those vulnerabilities for their own purposes.
Lawyers and Risk Officers should ensure that their organisation and responsible officers urgently take the following steps:
Whilst believed to be predominantly affecting US entities, the vulnerabilities are widespread and a range of threat actors have begun to exploit the vulnerabilities now that they are known. Companies and government entities should take note of the consequences that boards may face due to inadequate preparation, detection, response and remediation.
All organisations have obligations relating to the protection of crown jewel assets such as intellectual property, to assets regulated by corporate or securities laws such as financial records and stock market related disclosures, and to privacy and the security of personal information. Understanding whether your organisation utilises the affected systems, ensuring that patching and forensic examination are undertaken, and investigating any potential breaches or exfiltration of information are prudent courses of action.
© Norton Rose Fulbright LLP 2023