Microsoft Exchange email attacks may have been more damaging than first thought

The cyberattack against Microsoft Exchange email servers may have been wider-ranging than previously thought, according to new reports that claim tens of thousands of businesses could already have been affected.

Security experts have estimated that over 30,000 US governmental and commercial organizations may have had emails hacked following the attack on servers across the country.

Microsoft has issued an emergency patch for the issue, but many affected customers have yet to install it and protect themselves from further damage, and there are doubts about whether the patch itself is secure enough.

Response

According to KrebsOnSecurity, the attack was carried out by a Chinese hacking group known as Hafnium, which targeted Microsoft Exchange email servers for the company's Outlook service.

The White House has taken an active role in responding to the attack, and over the weekend urged administrators and network operators across the US to ensure they are protected.

This followed concerns that Microsoft's fix had not stopped the attack: the US government believes the fix has not addressed a backdoor access issue that could allow hackers access to compromised servers, raising the risk of further attacks.

“This is an active threat still developing and we urge network operators to take it very seriously,” Reuters quotes a White House official as saying, noting that a task force was being formed to address the hack.

“We can’t stress enough that patching and mitigation is not remediation if the servers have already been compromised, and it is essential that any organization with a vulnerable server take measures to determine if they were already targeted,” the White House official added.

KrebsOnSecurity believes the attack has been ongoing since January 6, with Microsoft only releasing its patch on March 2, nearly two months later, meaning the scale of the threat had grown exponentially.

Microsoft says it is working closely with the US government and security companies to ensure its guidance is up to date and offering the best advice.

“The best protection is to apply updates as soon as possible across all impacted systems,” a Microsoft spokesperson told KrebsOnSecurity. “We continue to help customers by providing additional investigation and mitigation guidance. Impacted customers should contact our support teams for additional help and resources.”

“These vulnerabilities are significant and need to be taken seriously,” noted Mat Gangwer, senior director, Sophos Managed Threat Response. “They allow attackers to remotely execute commands on these servers without the need for credentials, and any threat actor could potentially abuse them. The broad installation of Exchange and its exposure to the internet mean that many organisations running an on-premises Exchange server could be at risk.”

“Organisations running an on-premises Exchange server should assume they are impacted, and first and foremost patch their Exchange devices and confirm the updates have been successful. However, simply applying patches won’t remove artifacts from your network that pre-date the patch. Organisations need human eyes and intelligence to determine whether they have been impacted and to what extent, and, most importantly, to neutralise the attack and remove the adversary from their networks.”

Via KrebsOnSecurity / Reuters

Date

08 Mar 2021
