Microsoft Exchange email hack was caused by China, US says


I’ve been in IT for almost 15 years. I’ve worked for web hosting providers, financial institutions, and hospitals. Out of the countless attacks I’ve seen, I could count on one hand the number of them that didn’t come from Russia, China, or NK. This will continue until we invest heavily into cybersecurity and until American businesses start accepting that the costs associated with IT and security are worth it.


I have a small company with 15 employees. We have VoIP phones (are they still called that?) and once removed the firewall for maintenance. Within minutes calls were being made through our system to all over the world. Cost us $2,000 before we could get the firewall back up and it was only a matter of minutes.


Ok, so what consequences will Biden impose?


The problem is that the people making the financial decisions (C-Level types) view all IT as a cost center rather than a profit facilitator. Their job is to maximize profit, and nowhere in their careers has learning about technology (other than surface level understanding) been required. When the people running your organization can only focus on things one quarter at a time, with the express intent of maximizing profit at any cost, increases in the IT budget can always be pushed to “next quarter” or ignored outright as a case cannot be reasonably made on how this will *make* money for the company. When you propose the *potential savings* in the case of an attack, the company usually looks at its history and if they’ve never experienced an attack, they accept it as a risk they’re willing to take, because “we’ve never had this happen before, so why waste the money if it never happens?” This is the near singular reason you’re seeing big and small companies being hacked left and right. I guarantee that all of them have IT staff that have brought this up and have been shot down because they didn’t want to invest the manpower and resources to be able to prevent/detect/respond to these attacks. It is not uncommon for malicious actors to have access to a target’s infrastructure for a long time before they kick off their big ransomware heists or data exfiltration projects. They need time to assess their targets, build in redundant points of entry, gain ability to laterally move throughout the network, gain elevated privileges where required, and cover their tracks. Each one of these points is detectable and actionable if you have the tools deployed to catch them and the staff available to monitor the tools. That shit costs money. For a small company it may be a costly expense and they may want to weigh the pros and cons, but these huge companies with millions/billions in profit have literally no excuse.


Yeah, it’s China or Russia. No surprises there. We continue to move along.