Several cyber threats lurk on compromised systems: Microsoft



New Delhi: In the face of multiple hacking attempts on its corporate email servers around the world, Microsoft has reiterated the warning that patching a system does not necessarily remove the attacker’s access.

The major vulnerabilities in Microsoft’s business email servers have left cybersecurity experts at a loss as this attack is free for everyone and is now being exploited by a large number of criminal gangs, government-backed threat actors and opportunistic “script kiddies“. Researchers from F-Safe said last week.

Although many on-premises Microsoft Exchange servers have been patched, new research has found that multiple threats still lurk on systems that have already been compromised.

Hyderabad News

Click here for more Hyderabad news

According to the Microsoft 365 Defender Threat Intelligence Team, many of the compromised systems have not yet received any secondary action, “such as

“These actions could include follow-up attacks via persistence on Exchange servers that they have already compromised, or using credentials and data stolen during these attacks to compromise networks through other entry vectors,” the tech giant said in its latest update .

Taiwanese electronics and computer maker Acer has already been hit by a ransomware attack in which hackers are demanding $ 50 million, the largest known ransom to date.

According to Bleeping Computer, hackers accessed Acer documents containing financial tables, bank balances and bank communications and compromised their network through a Microsoft Exchange server vulnerability.

Earlier reports alleged that five different groups of hackers (including the China-backed Hafnium group) were exploiting vulnerabilities in Microsoft’s business email servers.

According to Microsoft, attackers who included the exploit in their toolkits, be it by modifying public proof-of-concept exploits or doing their own research, used their window of opportunity to gain access to as many systems as possible.

“Some attackers were advanced enough to remove other attackers from their systems and use multiple persistence points to maintain access to a network,” the company noted.

Microsoft said it was important to note that “some post-compromise techniques can allow attackers to gain highly privileged permanent access, but much of the subsequently effective attacker activity can be mitigated by practicing the principle of least privilege and mitigating lateral movement will”.

According to the F-Secure report, Italy, Germany, France, the UK, the US, Belgium, Kuwait, Sweden, the Netherlands and Taiwan are currently the countries with the most detections (in descending order).



About Author

Leave A Reply