Four recently disclosed Microsoft vulnerabilities have been exploited across the board. The technology magazine Wired reported on Saturday that tens of thousands of corporate, government and education email servers in the United States have been hacked. The Federal Office for Information Security (BSI) also urged thousands of German companies on Friday to close the gaps quickly.
Security updates for the vulnerabilities have been available since last Wednesday. However, experience shows that it takes a while for all the companies involved to install the updates. The so-called patch, i.e. the error correction, can sometimes make an important gap even more dangerous: if attackers know that a gap will soon be closed, they often intensify their efforts to access as much data as possible.
That seems to be what happened in this case. On February 26, the attackers began automatically installing back doors on vulnerable Microsoft Exchange servers, attacking thousands of servers per hour. The Microsoft update only came out on March 3rd. Exchange is used as an email platform by many companies, government agencies and educational institutions.
According to the security firm Huntress, which analyzed the attacks, banks, energy service providers, nursing homes and an ice cream maker are among the known victims in the United States. The European Banking Authority (EBA) announced on Sunday that unauthorized persons may have gained access to emails. Mark Sopol, head of security for the German IT company SVA, says thousands more could be affected in Germany as well. It looks like 70 to 80 percent of his customers currently have a back door on their systems. “I think this is the same for all German IT security companies.”
His company is now overwhelmed by the scale of the investigations. There are not enough staff for a proper forensic analysis. Usually a team would be sent to check which components are affected and how. This is currently not possible because there are too many victims and too few staff. SVA recommends that companies use the scripts provided by Microsoft or other analysis tools to check whether they have been compromised. Sopol says companies that have not given their Exchange servers better protection can, in principle, consider them vulnerable.
A group of Chinese government hackers is believed to be behind the attack
As a first step, he advises companies to reset all user passwords. However, to be completely sure, more complex steps must follow. The hackers were able to use the gap to extract detailed data from a company. Therefore, as a precaution, companies should also submit a relevant report to the responsible data protection officer to ensure that the compliance deadline is not missed, Sopol says.
According to Microsoft, the attackers were a group of Chinese government hackers whom the company calls “Hafnium”. Initially, they were primarily looking for information in the United States. Targets include universities, law firms and companies with security contracts.
According to Microsoft, Exchange Server versions 2013, 2016 and 2019 are affected. The cloud versions of Microsoft’s email service do not have these vulnerabilities.