New Delhi: The major vulnerabilities in Microsoft’s business email servers have embarrassed cybersecurity experts, as the attack is a free-for-all and is now being exploited by a large number of criminal gangs, government-sponsored threat actors and opportunistic “script kiddies”, F-Secure researchers have warned.
To make matters worse, automated attack scripts are being made publicly available, enabling even inexperienced attackers to quickly gain remote control of a vulnerable Microsoft Exchange server.
“Tens of thousands of servers have been hacked around the world. They are being hacked faster than we can count,” says Antti Laatikainen, senior security consultant at cybersecurity firm F-Secure.
According to F-Secure Analytics, only about half of the Exchange servers visible on the Internet have installed the Microsoft patches for these security vulnerabilities.
“Never in the last 20 years that I’ve been in the industry has it been so justified to assume that every company in the world with Exchange has at least one digital knock on the door. Because it is so easy to access, you can assume that most of these environments have been breached,” Laatikainen said.
Taiwanese electronics and computer maker Acer has already been hit by a ransomware attack in which hackers are demanding $50 million, the largest known ransom to date.
According to Bleeping Computer, the hackers accessed Acer documents containing financial tables, bank balances and bank communications, and compromised the company’s network through a Microsoft Exchange server vulnerability.
Previous reports alleged that five different groups of hackers (including the China-backed Hafnium group) were exploiting vulnerabilities in Microsoft’s business email servers.
Microsoft has released an emergency patch for its Exchange Server product, the world’s most popular mail server.
According to the F-Secure report, Italy, Germany, France, UK, US, Belgium, Kuwait, Sweden, the Netherlands and Taiwan are currently the countries with the most detections (in descending order).
Laatikainen anticipates that companies will soon start reporting violations.
The GDPR data protection regulation requires that the theft of personal data be reported to the data protection authorities within 72 hours.
“You have to expect that the number of reports of GDPR violations in the next few weeks will be historic. Your company doesn’t have to be on the long list of organizations reporting violations tomorrow if you take the right steps today,” he noted.
“Organizations that have security auditing, network monitoring, and effective pathway policies in place can fight back. There are a lot of things they can do manually to prevent a complete disaster,” an expert suggested.