
© 2021 CyberNews - Latest tech news, product reviews, and analyses.


Here’s why you should care about China’s Microsoft Exchange hack

by Chris Stokel-Walker
22 March 2021
in Security
The entrance to Microsoft China's corporate office in Shanghai

© Shutterstock

It sounds boring. It really, really isn’t.

The hacking of an email software provider might not, on the face of it, sound like the most concerning thing in the world. Yet global reaction, including from the US government, to the hacking of Microsoft Exchange’s email software has been as widespread as it has been alarmed. And for good reason: while Microsoft Exchange may not seem like the most high-profile subject of a hack attack, it’s surprisingly powerful and commonplace.

At least 30,000 organisations in the US alone are believed to have fallen victim to the attack, which was announced in a Microsoft blog post earlier this month. The White House press secretary, Jen Psaki, called the risk of the hack “an active threat.” The US National Security Council warned the world it was “essential that any organisation with a vulnerable server take immediate measures.”

Gaining access to email software grants hackers the keys to the kingdom, which is what makes the Microsoft Exchange attack such a threat. And because Microsoft Exchange is used by so many companies, the vulnerability as described gives Chinese state-sponsored hackers the ability to gain insight into any number of firms and their business practices worldwide. Microsoft’s blog post attributes the attack to Hafnium, a state-sponsored hacker group in China.

From beachheads deeper into the organisation

“It has long been a tactic of nation-state intruders to monitor for signs of being discovered,” explains Chris Hallenbeck, chief information security officer in the Americas for Tanium. “This often included targeting the mailboxes of security staff. It’s only natural that attackers would want to tap into the broader wealth of information found on a mail server, and also use it as a beachhead into the organisation’s network.”

And those organisations are wide-ranging. Universities, law firms, infectious disease researchers and defence contractors are believed to have been affected by the massive hack.

The biggest concern is the scale and scope of the range of victims, which means it’s difficult to know who has and who hasn’t been harmed.

“Beyond the basics of deploying Exchange, most organisations likely lack the skills to perform detailed forensic examinations to determine what might have been stolen,” says Hallenbeck. “This puts organisations in the unenviable position of assuming everything was taken.” As a result, says Hallenbeck, “we can expect a flurry of breach notifications from this recent intrusion campaign.”

Putting the cat back in the bag

Microsoft immediately put out a patch to try to fix the vulnerability it had spotted, with the United States government urging firms to act quickly and update their Exchange servers to keep them secure. On March 15, Microsoft released a one-click patch to fix four commonly-used vulnerabilities identified in the Exchange software, which are no longer being used only by Hafnium to gain access to servers but also by other cybercriminals now that they’re aware of the issue. The company also urged IT administrators to run this GitHub script, which checks for indicators of compromise within a company’s systems. Despite this, too few organisations seem to have taken steps to remedy the risk.

Currently, there are an estimated 82,000 internet-facing servers that remain unpatched, Microsoft says.

While it’s also a big task, it’s important for organisations who fear they may have been affected by running outmoded versions of Exchange to try and identify whether they have fallen foul of an attack.

Monitoring and tracking access to your email accounts is vital to see if you can identify any unverified or unauthorised access. Yet the blunt truth is that it’s always possible to fall victim to some sort of attack, despite the best-laid preparations. “This is another example where even if you have extensive piles of security tools you are likely to experience some breaches,” says Hallenbeck. “It is important to proactively instrument your networks to gather data and position your security teams so they can respond to the inevitable.”
