WEBVTT - ICYMI: Microsoft Warns of Ransomware Hacks as SharePoint Fallout Grows

0:00:00.080 --> 0:00:09.799
<v Speaker 1>Bloomberg Audio Studios. Podcasts, Radio, News. You're listening to Bloomberg

0:00:09.880 --> 0:00:14.440
<v Speaker 1>Businessweek with Carol Massar and Tim Stenovec on Bloomberg Radio.

0:00:14.880 --> 0:00:17.160
<v Speaker 1>We begin this hour with the latest on the fallout

0:00:17.200 --> 0:00:20.959
<v Speaker 1>from the Microsoft SharePoint security issue. Microsoft saying that a

0:00:21.040 --> 0:00:25.119
<v Speaker 1>Chinese hacking group exploiting security vulnerabilities in the company's SharePoint

0:00:25.200 --> 0:00:30.720
<v Speaker 1>servers to deploy ransomware follows a cyber attack discovered last week. Carol,

0:00:30.800 --> 0:00:33.600
<v Speaker 1>this cyber attack has affected hundreds of entities around the world,

0:00:33.920 --> 0:00:37.080
<v Speaker 1>including about four hundred government agencies, corporations, and other groups.

0:00:37.120 --> 0:00:40.320
<v Speaker 1>That's according to estimates from the security firm Eye Security,

0:00:40.479 --> 0:00:43.440
<v Speaker 1>including the National Nuclear Security Administration.

0:00:43.560 --> 0:00:46.360
<v Speaker 2>That's right, that US agency is responsible for maintaining and

0:00:46.400 --> 0:00:50.640
<v Speaker 2>designing the nation's cache of nuclear weapons that was among

0:00:50.920 --> 0:00:53.960
<v Speaker 2>those breached. For more, let's bring in Jennifer Ewbank. She's

0:00:54.000 --> 0:00:57.800
<v Speaker 2>the founder of Adaman Strategic Advisors. They advise companies and

0:00:57.800 --> 0:01:01.720
<v Speaker 2>clients on cyber resilience, digital trends, information, and geopolitical risk.

0:01:02.280 --> 0:01:05.080
<v Speaker 2>She spent, great background, more than three decades in tech,

0:01:05.120 --> 0:01:08.280
<v Speaker 2>intelligence and national security, and served as the Deputy Director

0:01:08.280 --> 0:01:11.160
<v Speaker 2>of the CIA for Digital Innovation from twenty nineteen through

0:01:11.160 --> 0:01:14.280
<v Speaker 2>twenty twenty four. She joins us from Virginia. So great

0:01:14.280 --> 0:01:16.080
<v Speaker 2>to have you with us. We've been dying to kind

0:01:16.080 --> 0:01:18.440
<v Speaker 2>of do a little bit of a deeper dive into

0:01:18.480 --> 0:01:23.760
<v Speaker 2>this story. This was a serious attack. I am curious

0:01:24.680 --> 0:01:27.679
<v Speaker 2>about how you are seeing it and kind of the

0:01:27.760 --> 0:01:30.560
<v Speaker 2>level that it seemed to be able to penetrate.

0:01:31.000 --> 0:01:33.720
<v Speaker 3>Yeah, it's a great question, and thanks for the invitation today, Carol.

0:01:34.480 --> 0:01:36.560
<v Speaker 3>You hit the high points in the introduction. I think

0:01:36.600 --> 0:01:39.600
<v Speaker 3>that's really important. But I'm going to just shape it

0:01:39.640 --> 0:01:42.440
<v Speaker 3>slightly differently and say that I think we'll look back

0:01:42.480 --> 0:01:45.080
<v Speaker 3>on this breach as one of those milestone ones that

0:01:45.520 --> 0:01:51.640
<v Speaker 3>where you measure the developments of strategic attempts to infiltrate

0:01:51.720 --> 0:01:54.440
<v Speaker 3>our networks and our systems. We'll look back on it

0:01:54.520 --> 0:01:57.240
<v Speaker 3>like SolarWinds, like the Exchange Server

0:01:57.720 --> 0:01:59.200
<v Speaker 4>compromise in twenty twenty one.

0:02:00.040 --> 0:02:02.240
<v Speaker 3>So what is most interesting to me here is that

0:02:02.280 --> 0:02:06.400
<v Speaker 3>this was looked like an espionage operation, classic espionage to

0:02:06.400 --> 0:02:12.680
<v Speaker 3>collect information, sensitive data, intellectual property, you name it, launched

0:02:12.680 --> 0:02:17.400
<v Speaker 3>by three government affiliated entities, and then, as you mentioned,

0:02:17.720 --> 0:02:20.760
<v Speaker 3>just about six days ago, about six days ago, it

0:02:20.800 --> 0:02:23.520
<v Speaker 3>has flipped to ransomware. One of those three entities has

0:02:23.520 --> 0:02:28.040
<v Speaker 3>started dropping ransomware on affected servers and then you know,

0:02:28.080 --> 0:02:29.880
<v Speaker 3>demanding ransom extortion.

0:02:30.320 --> 0:02:33.840
<v Speaker 4>So this is really something new that we've not seen previously.

0:02:34.639 --> 0:02:37.920
<v Speaker 2>Can I just ask you China, you know Microsoft accusing

0:02:37.919 --> 0:02:40.560
<v Speaker 2>hackers associated with the Chinese government of breaking into computer

0:02:40.680 --> 0:02:45.160
<v Speaker 2>systems. From your work in the government, is China our friend?

0:02:45.560 --> 0:02:48.720
<v Speaker 2>And I asked that kind of instantly, naively, but I

0:02:48.800 --> 0:02:51.200
<v Speaker 2>kind of know the answer. But tell me from a

0:02:51.240 --> 0:02:54.600
<v Speaker 2>government perspective, how you look at China and how especially

0:02:54.680 --> 0:02:56.959
<v Speaker 2>didn't we just open up Nvidia chips to go

0:02:57.400 --> 0:02:59.680
<v Speaker 2>back to China, Like, how do you look at what

0:02:59.760 --> 0:03:03.760
<v Speaker 2>is the right relationship, especially with advanced technology American technology,

0:03:04.080 --> 0:03:04.880
<v Speaker 2>how we should be.

0:03:06.040 --> 0:03:08.520
<v Speaker 3>Yeah, that's a really complex question, and I'm going to

0:03:08.560 --> 0:03:11.639
<v Speaker 3>hit it first from the cyber perspective, since as we're

0:03:11.680 --> 0:03:15.440
<v Speaker 3>talking about this massive breach today and in terms of

0:03:15.760 --> 0:03:19.640
<v Speaker 3>cyber capabilities, the People's Republic of China is amongst the

0:03:19.720 --> 0:03:24.400
<v Speaker 3>most capable, most aggressive, most ambitious, most well resourced kind

0:03:24.440 --> 0:03:27.560
<v Speaker 3>of actors anywhere in the world. If you took and

0:03:27.600 --> 0:03:30.120
<v Speaker 3>there's a scale issue here, if you took all of

0:03:30.320 --> 0:03:35.080
<v Speaker 3>the cyber actors affiliated with the Chinese government, it probably

0:03:35.120 --> 0:03:37.520
<v Speaker 3>outnumbers everything in the US and all of our allies

0:03:37.560 --> 0:03:41.440
<v Speaker 3>could bring to the fight together. The scale is really huge.

0:03:41.680 --> 0:03:44.960
<v Speaker 3>And these three entities that have been identified by Microsoft

0:03:45.120 --> 0:03:48.720
<v Speaker 3>are two the names don't really matter to all the

0:03:49.000 --> 0:03:52.480
<v Speaker 3>viewers perhaps, but Linen Typhoon and Violet Typhoon they've been

0:03:52.520 --> 0:03:55.680
<v Speaker 3>seen for a long time. They're considered advanced persistent threats.

0:03:55.920 --> 0:03:59.720
<v Speaker 3>They have their own APT moniker numbers. The other is

0:04:00.040 --> 0:04:02.360
<v Speaker 3>Storm twenty six oh three, if I'm not mistaken, twenty

0:04:02.400 --> 0:04:06.160
<v Speaker 3>six oh three, and that's less visible, and it hints

0:04:06.200 --> 0:04:09.440
<v Speaker 3>at this ecosystem that has taken shape in the People's

0:04:09.480 --> 0:04:15.280
<v Speaker 3>Republic of China, where they have scaled their cyber operations

0:04:15.320 --> 0:04:19.680
<v Speaker 3>globally by tapping into contract hackers. So each of these

0:04:19.720 --> 0:04:23.039
<v Speaker 3>government entities in each province around the country can then

0:04:23.160 --> 0:04:27.440
<v Speaker 3>reach out to contractors in pretty large numbers. And then

0:04:27.520 --> 0:04:30.599
<v Speaker 3>the other interesting thing in that is that within that

0:04:30.680 --> 0:04:36.240
<v Speaker 3>contractor ecosystem are also criminal actors. So there's this weird

0:04:36.320 --> 0:04:41.560
<v Speaker 3>overlap between government contract entities and criminal entities such that

0:04:41.640 --> 0:04:44.159
<v Speaker 3>the lines are becoming blurred. And that's one of the

0:04:44.200 --> 0:04:48.159
<v Speaker 3>really interesting things about this particular breach, because we're seeing

0:04:48.360 --> 0:04:52.320
<v Speaker 3>what looked like classic espionage sort of government on government

0:04:52.480 --> 0:04:55.920
<v Speaker 3>or China of course, considers commercial espionage to be national

0:04:56.000 --> 0:05:00.760
<v Speaker 3>security operations, so collecting on commercial interests, but then flipping

0:05:00.760 --> 0:05:03.760
<v Speaker 3>to ransomware, that starts to raise questions about what's going

0:05:03.560 --> 0:05:06.440
<v Speaker 1>on here. Jennifer, I've been doing this show with Carol

0:05:06.560 --> 0:05:09.000
<v Speaker 1>for almost five years at this point, so I can

0:05:09.040 --> 0:05:11.680
<v Speaker 1>steal a question from you that I know you're thinking about.

0:05:11.680 --> 0:05:13.640
<v Speaker 1>It's something that you remind us of all the time, Carol,

0:05:13.680 --> 0:05:16.640
<v Speaker 1>and that's the idea that, wait a second, doesn't the

0:05:16.760 --> 0:05:21.320
<v Speaker 1>United States do stuff like this as well?

0:05:21.680 --> 0:05:24.400
<v Speaker 4>I'm going to say no, yes, and no.

0:05:24.720 --> 0:05:31.119
<v Speaker 3>Okay, So there's an understanding that in the world today

0:05:31.120 --> 0:05:36.440
<v Speaker 3>and then world forever, espionage is a reality, and that's

0:05:36.480 --> 0:05:41.400
<v Speaker 3>generally governments seeking information of strategic value about the plans

0:05:41.440 --> 0:05:45.400
<v Speaker 3>and intentions of adversaries and competitors around the world. That

0:05:45.480 --> 0:05:49.720
<v Speaker 3>has generally been within the realm of allowable activity, if

0:05:49.760 --> 0:05:50.120
<v Speaker 3>you will.

0:05:50.560 --> 0:05:51.200
<v Speaker 4>So if I

0:05:51.200 --> 0:05:54.000
<v Speaker 3>wanted to understand what a hostile government plans to do to

0:05:54.000 --> 0:05:56.960
<v Speaker 3>harm the United States, and I had the hacking capability

0:05:57.000 --> 0:05:59.640
<v Speaker 3>to do that, that would generally be, let's say, within

0:06:00.040 --> 0:06:04.520
<v Speaker 3>the boundaries. What's different is that the PRC has a

0:06:04.520 --> 0:06:08.599
<v Speaker 3>different approach they do, as you know, hack US companies

0:06:09.000 --> 0:06:12.640
<v Speaker 3>on a very large scale. It's the greatest illegal transfer

0:06:12.680 --> 0:06:15.520
<v Speaker 3>of wealth in human history has been through IP theft

0:06:15.880 --> 0:06:18.119
<v Speaker 3>by the People's Republic of China from the United States

0:06:18.160 --> 0:06:19.039
<v Speaker 3>and companies here.

0:06:19.640 --> 0:06:21.360
<v Speaker 4>That's not something that the US does.

0:06:21.920 --> 0:06:25.440
<v Speaker 3>And when we look at what's happening with this particular

0:06:25.480 --> 0:06:28.440
<v Speaker 3>breach where you have government sponsored activity that has now

0:06:28.480 --> 0:06:32.160
<v Speaker 3>in the last six days flipped to be ransomware, that's

0:06:32.200 --> 0:06:35.000
<v Speaker 3>a whole other area.

0:06:34.720 --> 0:06:37.520
<v Speaker 4>That's definitely something that the US government has not would

0:06:37.600 --> 0:06:37.880
<v Speaker 4>not do.

0:06:38.040 --> 0:06:39.440
<v Speaker 2>So I'm going to go back to the second part

0:06:39.440 --> 0:06:42.880
<v Speaker 2>of my question. Then you know, we have once again

0:06:42.920 --> 0:06:46.480
<v Speaker 2>Nvidia is going to be selling chips right into China.

0:06:46.520 --> 0:06:50.640
<v Speaker 2>So I'm just wondering what, you know, the thinking is,

0:06:50.880 --> 0:06:53.599
<v Speaker 2>if they're going to build it, build it on US technology, right,

0:06:53.680 --> 0:06:57.800
<v Speaker 2>like the tech war is on. But what's what's your

0:06:57.839 --> 0:06:58.840
<v Speaker 2>observation on this?

0:06:59.520 --> 0:07:01.600
<v Speaker 3>So this is a really interesting one, and I'll try

0:07:01.640 --> 0:07:03.640
<v Speaker 3>to be very quick about it because it could be

0:07:04.040 --> 0:07:07.440
<v Speaker 3>deep and weedy here. But in essence, what we're seeing

0:07:07.760 --> 0:07:10.960
<v Speaker 3>is the emergence of two parallel digital ecosystems around the world.

0:07:11.400 --> 0:07:15.160
<v Speaker 3>One that's US innovation and our partners and allies around

0:07:15.200 --> 0:07:21.360
<v Speaker 3>the world, and it's rooted in concepts around democracy. So privacy,

0:07:21.480 --> 0:07:28.720
<v Speaker 3>we try privacy, data, sovereignty, security, independence, our sovereignty, you

0:07:28.800 --> 0:07:32.880
<v Speaker 3>name it. Another model, more digital authoritarian, is really modeled

0:07:32.920 --> 0:07:37.560
<v Speaker 3>around monitoring, controlling societies, and maintaining state power. And that

0:07:37.640 --> 0:07:42.920
<v Speaker 3>model is disseminating around the world through the infrastructure that

0:07:42.960 --> 0:07:45.600
<v Speaker 3>the People's Republic of China is selling largely in the

0:07:45.600 --> 0:07:48.280
<v Speaker 3>Global South, but not exclusively there. And so it's a

0:07:48.320 --> 0:07:52.480
<v Speaker 3>long way of saying that I really appreciated the CEO

0:07:52.520 --> 0:07:57.320
<v Speaker 3>of Nvidia's comments yesterday about how he wanted America to

0:07:57.400 --> 0:08:01.480
<v Speaker 3>maintain that lead and be the stand because this issue

0:08:01.480 --> 0:08:05.600
<v Speaker 3>of digital standards is really a battlefield for the future

0:08:05.640 --> 0:08:09.280
<v Speaker 3>of technological leadership and technological leadership in this way, in

0:08:09.320 --> 0:08:14.160
<v Speaker 3>my opinion, is really about global leadership, about superpower status,

0:08:14.200 --> 0:08:16.320
<v Speaker 3>and we're going to have to lead in digital technology

0:08:16.360 --> 0:08:19.800
<v Speaker 3>if we want to maintain that global lead more broadly.

0:08:20.080 --> 0:08:22.800
<v Speaker 3>And so I can see the logic. I'm not saying

0:08:22.840 --> 0:08:25.400
<v Speaker 3>good or bad, but I can see the logic behind

0:08:25.720 --> 0:08:30.600
<v Speaker 3>promoting American innovation and standards so that we can weaken

0:08:30.840 --> 0:08:34.959
<v Speaker 3>the emergence of that, say parallel digital ecosystem could compete

0:08:35.000 --> 0:08:35.319
<v Speaker 3>with us.

0:08:35.440 --> 0:08:37.520
<v Speaker 1>Jennifer, we only have ten seconds left. Can you just give

0:08:37.600 --> 0:08:39.719
<v Speaker 1>us one tip to stay safe in an environment such

0:08:39.760 --> 0:08:39.960
<v Speaker 1>as this?

0:08:41.320 --> 0:08:45.640
<v Speaker 3>Oh yeah, apply all your patches immediately, rotate your encryption

0:08:45.720 --> 0:08:49.640
<v Speaker 3>keys if you're affected, and hunt for anything that might

0:08:49.640 --> 0:08:52.360
<v Speaker 3>be on your systems and unplug your system if you

0:08:52.360 --> 0:08:54.440
<v Speaker 3>think you might be affected while you're taking these measures.

0:08:54.520 --> 0:08:56.720
<v Speaker 1>Okay, I said one thing, that's four, but it's okay.

0:08:56.720 --> 0:08:59.040
<v Speaker 1>We're going to let you encryption keys. I'm going to

0:08:59.080 --> 0:09:01.880
<v Speaker 1>google this stuff. Oh thank god encrypted setting.

0:09:01.960 --> 0:09:05.280
<v Speaker 2>Jennifer, come back real soon. This was fabulous. Jennifer Ewbank,

0:09:05.679 --> 0:09:09.800
<v Speaker 2>founder of Adaman Strategic Advisors, joining us right here

0:09:09.840 --> 0:09:11.080
<v Speaker 2>on Bloomberg Businessweek Daily