The Biden government published on Friday the 12th a warning warning all American organizations that there are huge risks with Microsoft Exchange vulnerabilities. They affect thousands of civil and government organizations and grow as time goes on reaching servers that have not yet been updated. The time frame for updating exposed servers is incredibly short – “measured in hours, not days,” a senior administration official told reporters on Friday. President Joe Biden has been aware of Exchange problems since the beginning of last week, the official said.
Palo Alto Networks experts estimated on Thursday that at least 20,000 U.S.-based Exchange servers remain unpatched and vulnerable to exploitation, and add up to 80,000 worldwide.
US intelligence agencies do not intend to add any extra legal authority to monitor domestic cybersecurity incidents, the official added. According to him, the Biden government believes that public-private partnerships are the ideal model for detecting and mitigating threats to cybersecurity. With this incident, for the first time the United States government invited members of the private sector to join the task force created to respond to Exchange failures, the official said. Private entities will have access to facilities where confidential information is available across the country, to participate in confidential discussions when necessary, the official added.
Jake Sullivan, a national security adviser, said on Friday that for the time being the White House is not prepared to blame anyone for the attacks on the Microsoft Exchange. “But we assure you that we will be in a position to assign this attack at some point in the near future, and we will not hide the problem. We will go ahead and say who we believe made the attack ”.
In just a few weeks, the official said, the White House will launch an executive action that includes ideas to strengthen the country’s cybersecurity, including proposals to assign letter cybersecurity ratings to software providers used by the federal government. The idea is inspired by the sanitation qualities for restaurants of Mayor Michael Bloomberg. Another concept is based on Singapore’s cyber security standards for consumer devices connected to the Internet. The goal, the official said, is to create a “market” for cybersecurity, where companies would compete for high security ratings.
With international agencies