Microsoft is doing a lot of things right and has been throughout its history; however, they have had issues (more on that in another blog). They have been through many transformations and transitions in computing along the way. They went public in March 1986.
In the early 2000s, it was worm attacks and other destructive attacks that wiped out computers.
Today, hackers and attackers want money, so it has become a business model: ransomware, which is a data extortion attack. The aim is to infect Windows machines and encrypt everything across the board, then extort the company for the decryption key so it can get its data back.
What Microsoft has done over the years is build a very mature security response process: take in vulnerability reports, get patches created and tested to proper quality, and then use the Windows Update mechanism and delivery pipeline to ship them reliably so things get fixed. They have done a great job with this and continue to do so.
They have done very well architecting and building that over the years. They could still do more, as it remains a big problem: zero-day attacks are still escalating on the Windows ecosystem, and some vulnerabilities and classes of vulnerabilities that we expected would be gone by now are still being worked on.
Microsoft is an operating system vendor, plus a cloud provider and a security vendor securing the entire product line that we all buy.
Microsoft has now become a massive security vendor.
Nation-State Level Predators.
Earlier this year, the Nobelium (SolarWinds) supply chain hack cost around $270m. This is an example of a nation-state level apex predator, in this case Russia. These states (China, North Korea, Iran, etc.) have access to all these resources to cause grief globally:
- They have all the zero-day exploits,
- They have the best, very well paid talent to develop exploits,
- They have access to unlimited resources,
- Plus, a goal that is driven by nation-state objectives.
When a nation-state wants to get into your network, as Microsoft will tell you, you have no chance.
If you want to see an indication of what is going on out there check out the following link: Significant Cyber Incidents | Center for Strategic and International Studies (csis.org)
Automatic updates are now being seen by security experts, and from an overall security perspective, as a big entry point for these types of high-end supply chain attacks. These attacks now come through the very automatic update mechanism that is meant to keep the product secure!
Microsoft itself has asked governments to back off from touching automatic update mechanisms. Note: governments from all over the world, including western ones, have their own teams of highly paid hackers as well. Let’s be frank, it is a war. More on that in another blog, which will provide background on how this has all developed. It is like a war where you back off from touching hospitals. Governments at the highest level should understand that dabbling and messing with automatic update pipelines can hurt computing as a whole. Microsoft knows what is important and keeps addressing this.
- Microsoft is now doing about $13B a year in cybersecurity revenue.
The thinking in the security space is that it is better to live in Microsoft’s world, as Microsoft understands this better than anyone. That is the option, rather than outsourcing it to a 3rd-party vendor who does not understand how Azure (Microsoft’s public cloud) works, who doesn’t understand your infrastructure, who doesn’t understand 365, and who doesn’t understand how it is all properly deployed in your business/organisation.
The best offense you can make is to move to the cloud, because that is where the most secure technology is. It is always up to date, and it is where they put all their first-run innovations.
In an overly simplified way – if you really want to take an easy 1st step to securing your organisation, you should go with the cloud.
The above is easy to say until the next cloud outage, right?
The reality, though, is that everything is moving to the cloud. Digital transformation has been happening for some time now and is accelerating. COVID has pushed things along somewhat, with a lot of companies cloudifying things they were not ready to cloudify before.
Unless you have a great team like CEOs of Cloud (yes, Go Systems is a founding member), I don’t necessarily agree with Microsoft that your best defence is the move to the cloud. Most organisations don’t have the required skills or expertise, and there is a cybersecurity skills shortage that will continue to be a problem for quite some time. Also, some sectors have line-of-business applications that do not have a SaaS (software as a service) variant, but they will. All our customers are full cloud or partial cloud.
What about The Internet of Things (IoT)?
Microsoft is now well into IoT and recently purchased ReFirm Labs, who make the Binwalk firmware security analysis software. They also bought CyberX to bolster IoT security.
Every enterprise has a lot of these IoT devices scattered around: printers, light bulbs, thermostats. All these little things are connected to your network, and that is a big security problem.
Not because someone wants to hack into a thermostat. Everyone who looks at it says, who cares about hacking into a thermostat? That is not the issue. The issue is exploiting a vulnerability in the thermostat and then using that as the pivot point to get into your Active Directory (AD). AD is the database and set of services that connect users with the network resources they need to get their work done.
Using that as a pivot point to reach another part of your network and plant ransomware, or ransoming the thermostat itself. Planting ransomware on an IoT device so that it becomes unusable may seem trivial. However, if you are in a factory and your thermostat is unusable, you must close the factory. That is millions and millions of dollars in losses. For businesses that is a big, big problem.
The reality that the IoT device becomes the hot spot and the jump-off point into your network is the issue. Microsoft has documented cases where a hacker exploits a vulnerability in a printer that was left sitting there unpatched, jumps from that printer into the network, and ransoms the entire network.
This becomes the entry point, the pivot point that gets forgotten in the organisation. There are millions of these sitting around within organisations, unpatched, just waiting to be exploited. The way to fix this is through firmware. I mentioned the automatic update mechanism that Microsoft has, and again you can start to see it taking shape: Microsoft is going to start monetising that.
Now they can say: listen, every one of those IoT points is a vulnerability within your organisation, so let Windows automatic updates address it and we will fix that firmware for you. And now with CyberX, they have drag-and-drop functionality built in to enable virus detection, so that firmware developers can check firmware for signs of malicious issues. Even at the enterprise level, people can scan their entire organisation, see what kind of IoT devices are in there, and then review how they could affect the entire Windows deployment. This is very powerful, to be sure.
Microsoft continues to evolve its security to defend the Windows ecosystem, and cybersecurity is a lucrative space. An automatic update service is the next digital progression. If you drive an electric vehicle (EV) today, or buy one today or in a month, that EV will keep getting better because automatic updates keep making your car better. Microsoft wants to play there.
There are billions and billions of dollars in monetising that update mechanism for IoT and for firmware. You will start to see these acquisitions take shape, and you will start to see the vision of Microsoft becoming this big, giant security vendor.
The next level down.
The next frontier for attackers is below the operating system. We know Microsoft has done a better and better job of firming up the operating system, and the cloud has given them good visibility and good protection on top. Anything below the operating system, from firmware down into the hardware stack and further down to the chip level, becomes fertile ground for the future of malware.
The incredibly smart people at Microsoft, their security leadership team, already understand this. Advanced attackers are going below the stack, below the operating system. Microsoft knows they need to shore this up and are making it a priority. You’ll see them making a big deal of secured-core PCs and Windows Defender for IoT.