A task force composed of representatives from federal agencies and the private sector convened last week to discuss a “whole of government” response to the Microsoft Exchange hack, White House Press Secretary Jen Psaki said in a statement today.
The Unified Coordination Group established by the National Security Council included officials from the FBI, the Cybersecurity and Infrastructure Security Agency at DHS, the Office of the Director of National Intelligence and the NSA, as well as unnamed private sector companies “based on their specific insights to this incident.”
That includes Microsoft, who the White House said developed its one-click mitigation tool for the vulnerabilities to help small businesses who may otherwise struggle to afford costly incident response services. Microsoft did not immediately respond to a request for comment.
The task force “discussed the remaining number of unpatched systems, malicious exploitation, and ways to partner together on incident response, including the methodology partners could use for tracking the incident, going forward,” Psaki said.
Still struggling to wrap its arms around the SolarWinds hack last year, which compromised at least nine federal agencies and a swath of state governments and private companies, the Biden administration appears to be creating a similar policy track to respond to the Microsoft Exchange vulnerabilities, which some information security experts have worried could be as bad or worse in terms of its impact on the IT security ecosystem.
Evidence of widespread scanning for servers vulnerable to the four zero-day flaws disclosed by Microsoft earlier this month prompted CISA and the FBI to issue a joint public advisory warning that “tens of thousands of systems in the United States” could be affected and that both nation-state hacking groups and cyber criminals “are likely among those exploiting these vulnerabilities.” Other cybersecurity researchers have worried about the potential for ransomware actors to also leverage the vulnerabilities.
“It is highly likely that malicious cyber actors will continue to use the aforementioned exploits to target and…