What We Can Learn from Microsoft’s Cybersecurity Nightmare

Lou Losee

September 21, 2021

Though many tech companies admire Microsoft for its longstanding position in the tech industry, its software and servers still encounter problems. The recent Microsoft hack by the group Hafnium demonstrates how vulnerabilities can expose even the most secure systems.

In the aftermath of the attack, Microsoft reported that Hafnium bypassed authentication measures to gain access to email servers via multiple zero-day vulnerabilities that were actively exploited beginning in January. An Internet security company, Netcraft, ran an analysis that revealed over 99,000 online servers had the unpatched Outlook Web Access software installed. There are an estimated 250,000 victims of this attack worldwide.

This story is a cautionary tale to all, warning that cybersecurity best practices should never be underestimated. Tactics used by attackers are only becoming more advanced, and with today’s interconnected and complex IT environments, it’s easier than ever for the bad guys to exploit vulnerabilities, potentially giving them access to what many consider inherently secure systems, including the mainframe.

Many falsely believe the mainframe cannot be hacked. It’s critical to remember that mainframes are only as secure as the implementation of the software and the security running on that mainframe. Once a hacker gains access to a user’s login information, they can climb the hierarchy of access and potentially reach the mainframe. For example, if an organization is not taking the proper security measures, such as requiring complex passwords or multi-factor verification, hackers can easily gain access to users’ accounts.

To ensure mainframes are as secure as their reputation demands, organizations need to prioritize identifying and fixing any vulnerabilities on their system. Here are some key steps mainframe architects can take to detect vulnerabilities that might already exist before hackers are able to wreak havoc.

  • Just-in-time privileged access: Minimize the number of users with privileged access to limit dangerous access points. Review privileged user access frequently, ensuring old accounts are disabled.
  • Verify identity: Confirm identity at every access point to ensure hackers cannot falsely identify as an employee. Employing a Zero Trust framework can guide teams to foster a culture of verification.
  • Vulnerability scanning: Assess your mainframe environment for vulnerabilities. Detect weak spots before they’re exploited. Employ software that can automatically test code, data, and memory to identify vulnerabilities, prioritize risks, and report the location of integrity vulnerabilities.
  • Be proactive: Have an integrity patch management strategy and allocate resources dedicated to vulnerability management. Constantly revisit industry compliance regulations and ensure you remain in compliance.
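The first step above, reviewing privileged access and disabling stale accounts, is the kind of check that can be automated. The following is an added example written for this post (not Rocket Software code); it assumes a constructed export of accounts with a just-in-time (JIT) expiry field and flags standing privilege, expired JIT grants that were never revoked, and accounts with no recent logon.

```python
from datetime import datetime, timedelta

# Constructed sample data for this example, not taken from any real system:
# each record is what an identity team might export from a security manager.
ACCOUNTS = [
    {"user": "OPS1",   "privileged": True,  "last_logon": "2021-09-20", "jit_expires": "2021-09-22"},
    {"user": "DBA7",   "privileged": True,  "last_logon": "2021-03-02", "jit_expires": None},
    {"user": "TEMP9",  "privileged": True,  "last_logon": "2021-09-01", "jit_expires": "2021-09-05"},
    {"user": "CLERK3", "privileged": False, "last_logon": "2020-11-11", "jit_expires": None},
]


def _day(s):
    return datetime.strptime(s, "%Y-%m-%d")


def review_privileged_access(accounts, today, stale_days=90):
    """Return {user: [reasons]} for every account that needs attention.

    today is a 'YYYY-MM-DD' string so the review is reproducible.
    A privileged account should hold its rights only through a time-boxed
    JIT grant; standing privilege and expired-but-unrevoked grants are findings.
    """
    now = _day(today)
    findings = {}
    for acct in accounts:
        reasons = []
        if acct["privileged"]:
            if acct["jit_expires"] is None:
                reasons.append("standing privilege (no JIT expiry)")
            elif _day(acct["jit_expires"]) < now:
                reasons.append("JIT grant expired but privilege not revoked")
        if now - _day(acct["last_logon"]) > timedelta(days=stale_days):
            reasons.append(f"stale: no logon in {stale_days} days, disable")
        if reasons:
            findings[acct["user"]] = reasons
    return findings


if __name__ == "__main__":
    for user, reasons in review_privileged_access(ACCOUNTS, "2021-09-21").items():
        print(user, "->", "; ".join(reasons))
```

In practice the input would come from the security manager's own access export, and the output feeds the disable/revoke step rather than just a report.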

The recent Microsoft cyberattack highlights the urgency of cybersecurity best practices in our digital world. Vulnerabilities in any system can lead to even the largest, most experienced companies’ mainframes being hacked, leaving their most sensitive data vulnerable. Even though we talk about businesses “moving to the cloud” or “going digital,” the mainframe still plays a critical role. Terabytes of data live on the mainframe, feeding in and out of the cloud every second, creating tremendous operational value. However, at the same time this hybrid environment opens the door to criminals with an increasingly sophisticated toolkit for penetrating networks and attacking systems, devices, and programs.