Global | Publication | March 2021
The Hafnium exploit of on-premises Microsoft Exchange Servers is a global cybersecurity event requiring organisations to appropriately patch and examine potentially affected systems. Board members and their advisers should:
Whilst relatively few organisations appear to have been victims of malicious exploitation activity, organisations that use the impacted systems still need to investigate the impact of the event and to report to and inform stakeholders. It is critical that vulnerable systems are remediated, as attackers are utilizing such systems as a jumping-off point to deploy ransomware.
Since late February 2021, evidence has been emerging of on-premises versions of Microsoft Exchange Servers having a series of vulnerabilities which have, in some instances, been exploited by one or more threat actor groups operating out of China.
The threat actors were able to utilize vulnerabilities to intercept email communications on these systems and in some cases stole whole mailboxes. An important point to note is that the threat actors that exploit these vulnerabilities are potentially able to obtain administrator privileges on the systems. This can significantly complicate any detection, containment or remediation efforts as the threat actors have the same system rights and capabilities as the IT experts trying to solve the problem.
Evidence has also been found of threat actors deploying additional tools with a view to, among other things, moving outside the Exchange systems into other systems (“moving laterally”), maintaining persistence, harvesting credentials and carrying out system reconnaissance.
Industries such as health, law, defence and education appear to be particularly affected, as well as municipalities and local government. According to figures released, over 31,000 US, 11,000 UK and 7,000 Australian organisations are affected to some extent.
The vulnerabilities were reported to Microsoft in January 2021. However, it appears servers were initially exploited in late 2020. Microsoft attempted to resolve the issue by releasing patches. While these address the vulnerabilities themselves, they will not address any exploitation activity which might have taken place using additional tools as described above.
In the week commencing March 15, cyber threat intelligence reports have indicated the rise of a new ransomware variant called “DearCry”. The DearCry ransomware threat actors appear to be unrelated to the threat actors that have been previously known to be exploiting the Exchange vulnerabilities, and are opportunistically exploiting the original vulnerabilities that have been made public.
The attack is being referred to as a 'zero-day exploit'. The original threat actors were able to find vulnerabilities in the on-premises Microsoft Exchange server of which Microsoft was not previously aware. Now it appears that multiple threat actors are taking advantage of those vulnerabilities for their own purposes.
Lawyers and Risk Officers should ensure that their organisation and responsible officers urgently take the following steps:
Whilst believed to be predominantly affecting US entities, the vulnerabilities are widespread and a range of threat actors have begun to exploit them now that they are known. Companies and government entities should take note of the consequences that boards may face due to inadequate preparation, detection, response and remediation.
All organisations have obligations relating to the protection of crown jewel assets such as intellectual property, of assets regulated by corporate or securities laws such as financial records and stock market related disclosures, and of privacy and the security of personal information. Understanding whether your organisation utilises the affected systems, ensuring that patching and forensic examination are undertaken, and investigating any potential breaches or exfiltration of information are prudent courses of action.
© Norton Rose Fulbright LLP 2023