In the face of multiple hacking attempts on its corporate email servers around the world, Microsoft has reiterated the warning that patching a system does not necessarily remove the attacker’s access.
The major vulnerabilities in Microsoft’s business email servers have left cyber security experts at a loss, as the flaws are now being exploited by a large number of criminal gangs, government-backed threat actors and opportunistic “script kiddies,” researchers at F-Secure said last week.
Although many on-premises Microsoft Exchange servers have been patched, new research has found that multiple threats still lurk on systems that have already been compromised.
According to the Microsoft 365 Defender Threat Intelligence Team, many of the compromised systems have not yet received any secondary action, “such as
“These actions could include follow-up attacks via persistence on Exchange servers that they have already compromised, or using credentials and data stolen during these attacks to compromise networks through other entry vectors,” the tech giant said in its latest update.
Taiwanese electronics and computer maker Acer has already been hit by a ransomware attack in which hackers are demanding $50 million, the largest known ransom to date.
According to Bleeping Computer, hackers accessed Acer documents containing financial tables, bank balances and bank communications, and compromised its network through a Microsoft Exchange server vulnerability.
Previous reports alleged that five different groups of hackers (including the China-backed Hafnium group) were exploiting vulnerabilities in Microsoft’s business email servers.
According to Microsoft, attackers who included the exploit in their toolkits, be it by modifying public proof-of-concept exploits or doing their own research, used their window of opportunity to gain access to as many systems as possible.
“Some attackers were advanced enough to remove other attackers from their systems and use multiple persistence points to maintain access to a network,” the company noted.
Microsoft said it was important to note that “some post-compromise techniques allow attackers to gain highly privileged permanent access, but much of the subsequently effective attacker activity can be mitigated by practicing the principle of least privilege and mitigating lateral movement”.
According to the F-Secure report, Italy, Germany, France, the UK, the US, Belgium, Kuwait, Sweden, the Netherlands and Taiwan are currently the countries with the most detections (in descending order).
(Only the headline and image of this report may have been revised by Business Standard staff; the rest of the content is automatically generated from a syndicated feed.)