
Author: Tom Krazit
Protocol | Enterprise
Your guide to the future of enterprise computing, every Monday and Thursday.

The huge Microsoft hack

Welcome to Protocol | Enterprise, your comprehensive roundup of everything you need to know about the week in cloud and enterprise software. This Monday: Microsoft is under attack, Marc Benioff is the kingpin and Tim Wu has Big Tech rattled.

Also, don't miss tomorrow's Protocol | Enterprise virtual event "Today's Transformation, Tomorrow's Developers," featuring Cecilia Flores of Weebee and Amit Zavery of Google Cloud, at 12 p.m. PT. It's going to be fun, so register here.


The Big Story

Exchange under fire

Microsoft is suffering a massive cyber hack that appears to be growing quickly and has the potential to hit hundreds of thousands of customers.

The company has blamed a Chinese hacking cohort called Hafnium for the attack on its massively popular Exchange software, though the Chinese government has denied responsibility. The attackers targeted four security flaws to gain access to self-hosted Exchange programs, reportedly installing remote access tools on customers' systems. Customers that run their email via the cloud are not believed to have been affected, per Microsoft. In a statement, the company said:

  • "We are working closely with the CISA, other government agencies, and security companies, to ensure we are providing the best possible guidance and mitigation for our customers."
  • "The best protection is to apply updates as soon as possible across all impacted systems. We continue to help customers by providing additional investigation and mitigation guidance. Impacted customers should contact our support teams for additional help and resources."

The hack is huge, affecting users around the globe including large federal entities such as the European Banking Authority, but predominantly smaller targets like city and state governments, police departments and Main Street businesses.

  • The total number of customers hit by this is very likely to grow too, potentially topping 250,000 targets, according to The Wall Street Journal.
  • "Just about everyone who's running self-hosted Outlook Web Access and wasn't patched as of a few days ago got hit with a zero-day attack," one unnamed source told Krebs on Security.
  • The threat also appears to still be active. On Saturday, the White House said it was taking a "whole of government response to assess and address the impact" and urged "network operators to take it very seriously."
  • Last week, CISA also issued a rare requirement for agencies to patch the infected systems.

The speed with which it spread is just as incredible as its scale and sophistication.

  • Microsoft first disclosed the breach last Tuesday. But as the company worked to fix the exploited vulnerabilities with a patch released on March 2, the hackers accelerated their efforts.
  • The group stealthily targeted a small number of Exchange customers in January. But once Microsoft began to try to patch the problem, it became all-out warfare.
  • The attackers reportedly started using an automated process to hit "every Exchange server they can find on the internet," according to Steven Adair, the CEO of Volexity, which helped Microsoft uncover the issue.
  • By Friday, the number of infected customers grew to over 30,000. By Sunday, it grew to 60,000. It's potentially growing by the thousands every hour.

What makes this hack so alarming is how quickly it followed the large, but much more targeted, SolarWinds breach that officials are still trying to fully diagnose. According to initial reports, the automated system used in the latest attack to help hackers dramatically scale up their efforts appears to be a big step forward in the increasingly high-stakes war in cyberspace. And it appears the battle between the U.S. and state-sponsored bad actors in cyberspace is only going to grow more intense and contentious.

  • Before the most recent hack, the Biden administration was reportedly preparing to launch a series of attacks on Russian networks combined with economic sanctions as retaliation for the SolarWinds breach, which is believed to have originated in the Kremlin.
  • Now, with China again facing accusations of cyber-espionage in a major way, it's clear this issue will be one of the most significant international dilemmas the White House faces over the next four years.

— Joe Williams

A MESSAGE FROM INTEL

In an interview with Tom Lantzsch, Senior Vice President and General Manager of the Internet of Things Group (IoT) at Intel Corp., Lantzsch shares his take on edge computing: There are more innovations to come – and technology leaders should think equally about data and the algorithms as critical differentiators.

This Week On Protocol

What Okta's CEO learned from Marc Benioff: Fresh from spending $6.5 billion on Auth0, Todd McKinnon told Protocol that the Salesforce CEO taught him big lessons, not least of which was that the key to winning is a compelling long-term vision.

The Jack Dorsey takeover: In one week, Dorsey became the leader of a bank that's also a small but influential power-player in the music streaming industry. My colleagues Benjamin Pimentel, Tomio Geron and Janko Roettgers dig into what the launch of Square Financial Services and the majority investment in Tidal means for the company.

The post-COVID hotel of the future: My colleague Mike Murphy took a look at some of the IT changes the hospitality sector made over the past year (Hint: robots).

Coming up this week

March 9: MongoDB reports earnings. Salesforce Chief Product Officer David Schmaier speaks at the Barclays Virtual Software Bus Tour.

March 10: Oracle and Asana report earnings. Roblox has its IPO. MuleSoft CEO Brent Hayward speaks at the Truist Securities Technology, Internet & Services Conference. Microsoft's Jared Spataro speaks at the Jefferies Enterprise Communications Summit.

Around the Cloud


Thanks for reading — see you Thursday.
