The major vulnerabilities in Microsoft’s business email servers have left cybersecurity experts at a loss, as the attack has become a free-for-all and the flaws are now being exploited by a large number of criminal gangs, government-sponsored threat actors and opportunistic “script kiddies,” researchers at F-Secure have warned.
To make matters worse, automated attack scripts are being made publicly available, which enable even inexperienced attackers to quickly gain remote control of a vulnerable Microsoft Exchange server.
“Tens of thousands of servers were hacked around the world. They are being hacked faster than we can count,” said Antti Laatikainen, senior security consultant at cybersecurity firm F-Secure.
According to F-Secure Analytics, only about half of the Exchange servers visible on the Internet have installed the Microsoft patches for these security vulnerabilities.
“In the last 20 years that I have worked in the industry, it has never been more legitimate to assume that every company in the world with an Exchange installed would give at least one digital knock on the door. Since it is so easy to access, you can assume that most of these environments have been breached,” said Laatikainen.
Taiwanese electronics and computer maker Acer has already been hit by a ransomware attack in which hackers are demanding $50 million, the largest known ransom to date.
According to Bleeping Computer, hackers accessed Acer documents containing financial tables, bank balances and bank communications and compromised their network through a Microsoft Exchange server vulnerability.
Previous reports alleged that five different groups of hackers (including the China-backed Hafnium group) were exploiting vulnerabilities in Microsoft’s business email servers.
Microsoft has released an emergency patch for its Exchange Server product, the world’s most popular mail server.
According to the F-Secure report, Italy, Germany, France, UK, US, Belgium, Kuwait, Sweden, the Netherlands and Taiwan are currently the countries with the most detections (in descending order).
Laatikainen anticipates that companies will soon start reporting violations.
The GDPR data protection regulation requires that the theft of personal data be reported to the data protection authorities within 72 hours.
“You have to expect that the number of reports of GDPR violations in the next few weeks will be historic. Your company doesn’t have to be on the long list of organizations reporting violations tomorrow if you take the right steps today,” he noted.
“Organizations with security monitoring capabilities, network monitoring and effective pathway policies can fight back. There are a ton of things they can do manually to prevent a complete disaster. I just encourage them to do it right away,” suggested the security expert.