The huge Microsoft hack
Welcome to Protocol | Enterprise, your comprehensive roundup of everything you need to know about the week in cloud and enterprise software. This Monday: Microsoft is under attack, Marc Benioff is the kingpin and Tim Wu has Big Tech rattled.
Also, don't miss tomorrow's Protocol | Enterprise virtual event "Today's Transformation, Tomorrow's Developers," featuring Cecilia Flores of Weebee and Amit Zavery of Google Cloud, at 12 p.m. PT. It's going to be fun, so register here.
The Big Story
Exchange under fire
Microsoft is suffering a massive cyber hack that appears to be growing quickly and has the potential to hit hundreds of thousands of customers.
The company has blamed a Chinese hacking cohort called Hafnium for the attack on its massively popular Exchange software, though the Chinese government has denied responsibility. The attackers targeted four security flaws to gain access to self-hosted Exchange programs, reportedly installing remote access tools into customers' systems. Those that run their email via the cloud are not believed to have been affected, per Microsoft. In a statement, the company said:
- "We are working closely with the CISA, other government agencies, and security companies, to ensure we are providing the best possible guidance and mitigation for our customers."
- "The best protection is to apply updates as soon as possible across all impacted systems. We continue to help customers by providing additional investigation and mitigation guidance. Impacted customers should contact our support teams for additional help and resources."
The hack is huge, affecting users around the globe including large federal entities such as the European Banking Authority, but predominantly smaller targets like city and state governments, police departments and Main Street businesses.
- The total number of customers hit by this is very likely to grow too, potentially topping 250,000 targets, according to The Wall Street Journal.
- "Just about everyone who's running self-hosted Outlook Web Access and wasn't patched as of a few days ago got hit with a zero-day attack," one unnamed source told Krebs on Security.
- The threat also appears to still be active. On Saturday, the White House said it was taking a "whole of government response to assess and address the impact" and urged "network operators to take it very seriously."
- Last week, CISA also issued a rare requirement for agencies to patch the infected systems.
The speed with which it spread is just as incredible as its scale and sophistication.
- Microsoft first disclosed the breach last Tuesday. But as the company worked to fix the exploited vulnerabilities with a patch released on March 2, the hackers accelerated their efforts.
- The group stealthily targeted a small number of Exchange customers in January. But once Microsoft began to try to patch the problem, it became all-out warfare.
- The attackers reportedly started using an automated process to hit "every Exchange server they can find on the internet," according to Steven Adair, the CEO of Volexity, which helped Microsoft uncover the issue.
- By Friday, the number of infected customers grew to over 30,000. By Sunday, it grew to 60,000. It's potentially growing by the thousands every hour.
What makes this hack so alarming is how quickly it followed the large, but much more targeted, SolarWinds breach that officials are still trying to fully diagnose. According to initial reports, the automated system used in the latest attack to help hackers dramatically scale up their efforts appears to be a big step forward in the increasingly high-stakes war in cyberspace. And it appears the battle between the U.S. and state-sponsored bad actors in cyberspace is only going to grow more contentious.
- Before the most recent hack, the Biden administration was reportedly preparing to launch a series of attacks on Russian networks combined with economic sanctions as retaliation for the SolarWinds breach, which is believed to have originated in the Kremlin.
- Now, with China again facing accusations of cyber-espionage in a major way, it's clear this issue will be one of the most significant international dilemmas the White House faces over the next four years.
— Joe Williams
A MESSAGE FROM INTEL

In an interview with Tom Lantzsch, Senior Vice President and General Manager of the Internet of Things Group (IoT) at Intel Corp., Lantzsch shares his take on edge computing: There are more innovations to come – and technology leaders should think equally about data and the algorithms as critical differentiators.
This Week On Protocol
What Okta's CEO learned from Marc Benioff: Fresh from spending $6.5 billion on Auth0, Todd McKinnon told Protocol that the Salesforce CEO taught him big lessons, not least of which was that the key to winning is a compelling long-term vision.
The Jack Dorsey takeover: In one week, Dorsey became the leader of a bank that's also a small but influential power-player in the music streaming industry. My colleagues Benjamin Pimentel, Tomio Geron and Janko Roettgers dig into what the launch of Square Financial Services and the majority investment in Tidal means for the company.
The post-COVID hotel of the future: My colleague Mike Murphy took a look at some of the IT changes the hospitality sector made over the past year (Hint: robots).
Coming up this week
March 9: MongoDB reports earnings. Salesforce Chief Product Officer David Schmaier speaks at the Barclays Virtual Software Bus Tour.
March 10: Oracle and Asana report earnings. Roblox has its IPO. MuleSoft CEO Brent Hayward speaks at the Truist Securities Technology, Internet & Services Conference. Microsoft's Jared Spataro speaks at the Jefferies Enterprise Communications Summit.
Around the Cloud
- Marc Benioff's deal streak continues. Salesforce Ventures led Auth0's $120 million funding round and, since then, the investment has tripled in value, per CNBC.
- Bessemer Venture Partners was also a big winner in the Auth0 deal, turning a $95 million investment into $1.3 billion.
- Why is Big Tech so afraid of Tim Wu? My colleague Emily Birnbaum unpacks the fear surrounding the new special assistant to Biden.
- Quantum computing startup IonQ is going public via a $2 billion SPAC merger. It's one of the more prominent startups in the field.
- Tens of thousands of iOS and Android apps that run through the cloud may have vulnerabilities that could allow hackers to steal passwords — or even medical information.
- Looks like another case of the Silicon Valley hype machine. Despite some notable defections, the majority of startups appear to have stayed in California.
Thanks for reading — see you Thursday.