Criminal hacking groups piling on to escalating Microsoft Exchange crisis
The Microsoft Exchange Server hack is becoming an even bigger security problem, due to an influx of more hacking groups attempting to take advantage of the situation before affected companies can patch their servers.
Revealed on March 3 by Microsoft, an attack by Chinese hacking group "Hafnium" targeted vulnerabilities in Microsoft Exchange Server, prompting the release of patches. Shortly after the announcement, Hafnium stepped up its attacks to hit 30,000 U.S. organizations and others around the world within a few days, but now others have joined the fray.
Security experts told the Financial Times that more hacking groups are using the opportunity to perform their own attacks using the same vulnerability. The hackers, including criminal groups, are stepping in to take advantage of the software flaws before organizations hosting servers can patch and protect them.
For many, it is probably too late to preemptively patch the issue. "Every possible victim that hadn't patched by mid-to-end of last week has already been hit by at least one or several actors," said CrowdStrike co-founder Dmitri Alperovitch.
Outside of the United States, the European Banking Authority became the first major public body to confirm it was compromised by attacks.
The scale of the escalating attacks will be a serious problem for some time, prompting governmental intervention. The Cybersecurity and Infrastructure Security Agency (CISA) has urged "All organizations across all sectors to follow guidance to address the widespread domestic and international exploitation" of the vulnerabilities.
Organizations are also advised to use Microsoft's IOC detection tool to determine whether a compromise of vulnerable systems has already taken place, since patching closes the entry point but does not remove an attacker who is already inside. Meanwhile the White House National Security Council said "It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted."
Comments
The saying used to be: "Nobody ever got fired for buying IBM", and the same goes for Microsoft too. It's the perfect lock-in. And MS IT-departments want to be locked in in order to show the need for their size and budgets. Managements love it because it makes them seem more important.
So I think same old will remain same old.
I wish Apple had continued building their own back end infrastructure, but they left it to MS. Not good for Apple.
I hate to use broad brush statements, but from what I've seen in the one area that has received a good deal of attention is that government policy is driven by reactions and responses to events that highlight a specific vulnerability. In other words, we seem to wait for a fire to break out and burn down a few city blocks before we start talking about the need to create a fire department. Once a fire department is created and you get it staffed appropriately, with domain experts and professional fire fighters working together, things can get more proactive and prevention oriented. But it really comes down to reactionary policies and actions taken after the fire has burned down the barn and all of the cows are long gone, or barbecued.
You see this not only in government, but in industry as well. What's the first thing you hear from a company, e.g. "MegaCorp," after a serious security or privacy breach? They always say the same thing: "We at MegaCorp take security very seriously!" Are they lying? No, because at that point in time they do take security very seriously. It's soothing to corporate leaders to ignore past indiscretions and promise to be good in the future. This is exactly how a 6-year old child confronts their failures. What they will never say is something like: "We at MegaCorp took security very seriously last week when we totally screwed the pooch and let hackers infiltrate our corporate networks. Yeah, we totally failed our shareholders and our customers. But we will make amends, compensate our customers for their loss as best we can, and fix our problems." Yeah, I know, that would be crazy talk, adults acting like adults and taking responsibility without governmental or legal intervention.
And again, you would be wrong. Most businesses and enterprises are into MS because it's what they know, and it's the "easy" path. Microsoft has NEVER proven they are "very secure", especially with their server/business software.
Wrong