Microsoft's Digital Geneva Convention Idea Shows How Vulnerable We Are

Publisher�s Outlook

Microsoft's Digital Geneva Convention Idea Shows How Vulnerable We Are

By Rich Tehrani, Group Editor-in-Chief, TMC  |  July 11, 2017

Microsoft (News - Alert) recently penned a piece about the need for a Digital Geneva Convention that eliminates targeting of tech companies, assists the private sector in dealing with attacks, and calls for restraint of cyber-weapon development, all of which shows how pathetically weak our security has become.

Microsoft’s well-intentioned piece is actually damning regarding the state of global security. Take a look.

“Within Microsoft we’ve forged a unique, internal three-part partnership as part of the 3,500 security professionals from across the company. The Microsoft Threat Intelligence Center (MSTIC) is our reconnaissance arm, combing through the constant stream of data from our more than 200 cloud services and third-party feeds. Using machine learning, behavioral analysis and forensic techniques, this dedicated team creates a real-time picture – a security intelligence graph – of cyber activity related to advanced and persistent threats to Microsoft and our customers.

“When a threat is detected, MSTIC alerts our Cyber Defense Operations Center (CDOC), an “eyes on glass” command center staffed 24 hours a day, seven days a week by rotating teams of security and engineering professionals from across our product and services portfolio. This team of specialists serves as our frontline, taking immediate action against threats to defend our own systems and protect customers.

“As we identify threats, we’re not only working with customers, but using legal process, led by our Digital Crimes Unit (DCU), to respond in new and innovative ways that disrupt attacks, including those launched by nation states. Last year MSTIC identified an attack pattern that led to a group associated with a nation-state that had registered internet domains using names that included Microsoft and other companies’ trademarks. We went to federal court, obtained court orders and successfully sought appointment of a Special Master to oversee and expedite additional motions in our case. Working under this judicial supervision, we can notify internet registries whenever this group registers a fake Microsoft domain and request that control of that domain be transferred immediately to a sink-hole operated by DCU.

“Using this novel approach, we can disrupt the nation-state’s use of these domains within 24 hours. Since last summer, in response to extended nation-state attacks, we have taken down 60 domains in 49 countries spread over six continents. In each instance we stopped the flow of data to the hackers from any customers whose computers were hacked, we notified the customers of the nation-state attack and we helped them clean their environment and increase their security.”

This all sounds great, right? We are in a great position because Microsoft – the most popular target for PC and server-based attacks – is spending a fortune to keep us safe. After all, the company makes the software most of us use, so it should be able to easily defend us all. Right?

Sadly, this is not the case. In the next paragraph the company says: “We’re nowhere close to being able to declare victory. Governments are increasing their investments in offensive cyber capabilities. We therefore need to recognize a critical truth – this is not a problem that we can solve solely with each of us acting alone.”

The piece then goes on to say that there has been some cooperation between nations, but that we need a new organization that spans the public and private sectors (similar to the UN’s IAEA) to truly keep us safer.

The challenge is that cyber crime is often difficult if not impossible to trace. It is very easy to hide your tracks as a hacker, and even if you are caught, you can’t necessarily implicate the entity that originated the attack. For example, a hack from Iran could be the government, but it could also be hackers paid by another government, a private company, organized crime, a terrorist group, or just a rich person with a grudge.

The challenge is if there is money to be made via cyber crime like phishing and ransomware, believe me, people will make sure they are able to launch attacks. Put another way, the global war on Cybercrime through a Digital Geneva Convention will likely be even less effective than the war on drugs.

Companies are on their own. You will eventually get hit by ransomware, your trade secrets will be compromised, or your customer data will be stolen.

To minimize the potential threat be sure you work with a company with experience in cyber security, and do all you can to be prepared. Cloud backups, training, anomaly detection, up-to-date patches, encryption, and rings of security are just a few of the things you need to ensure your company is doing its all to minimize the damage from potential attackers.




Edited by Alicia Young
Get stories like this delivered straight to your inbox. [Free eNews Subscription]