Four recently disclosed Microsoft vulnerabilities are being exploited on a massive scale. The technology magazine Wired reported on Saturday that thousands of corporate, government and educational e-mail servers in the United States had been hacked. On Friday, the German Federal Office for Information Security (BSI) also asked thousands of German companies to close the gap quickly.
A security update for the vulnerabilities has been available since last Wednesday. Experience shows, however, that it takes some time until the affected companies actually install such updates. A so-called patch, that is, a correction of the error, can even be particularly dangerous at times: if attackers know that a gap is about to be closed, they often step up their efforts and accelerate their access to data.
That seems to have happened in this case. On February 26, the attackers began installing back doors on apparently vulnerable Microsoft Exchange servers, attacking thousands of servers within an hour. Microsoft's update did not arrive until March 3. Exchange is used by many companies, government agencies and educational institutions as an e-mail platform.
According to the security company Huntress, which analyzed the attacks, the known victims in the United States include banks, energy providers, retirement homes and an ice cream manufacturer. The European Banking Authority (EBA) also announced on Sunday that unauthorized individuals may have gained access to its e-mail. In Germany, too, there are likely to be thousands of victims, says Mark Sobol, who is responsible for the security division of the German IT company SVA. At present, it appears that 70 to 80 percent of its customers have a back door in their systems. “I think it is the same for all German IT security companies.”
His company is still overwhelmed by the volume of inquiries. There are not enough staff for proper forensic analysis. Normally a team would be sent to check which components are affected and how. That is currently impossible because there are too many victims and too few employees. SVA recommends using the script provided by Microsoft or other analysis tools to test whether a company has been compromised. Sobol says that companies that did not specifically secure their Exchange servers can assume that they have been affected.
A group of Chinese state hackers is believed to be behind the attack
As a first step, he advises companies to reset all user passwords. Further, much more complex steps will of course have to follow. Through the gaps, the hackers were able to extract extensive data from a company. As a precaution, Sobol says, companies should also file a corresponding report with the responsible data protection authority so that the applicable deadlines are not missed.
According to Microsoft, the attackers belong to a group of Chinese state hackers that the company calls “Hafnium”. Previously, they primarily sought information in the United States. Their targets included universities, law firms and companies with defense contracts.
According to Microsoft, the Exchange Server versions 2013, 2016 and 2019 are affected. The weaknesses are not present in the cloud versions of Microsoft's e-mail service.