Microsoft Exchange Hack Could Be Even Worse Than SolarWinds
2021 is picking up right where 2020 left off in terms of cybersecurity. Tech behemoth Microsoft is the latest victim of numerous hacking schemes sponsored by a foreign state.
It underscores the urgency needed for individuals, corporations, and governments to start stepping up their cybersecurity game.
Microsoft Exchange Server Is Hacked
When we thought hackers couldn’t get any more aggressive, they go and pull off one of the biggest cyberattacks we’ve seen to date.
Microsoft Exchange Server includes services like e-mail, calendar, and collaboration solutions for businesses. And on March 2nd, it announced that it was hacked.
It also released patches to four severe vulnerabilities that were exposed to hackers. These vulnerabilities can lead to Remote Code Execution (RCE), data theft, server hijacking, backdoors, and more malware. According to Microsoft, hackers can exploit these weaknesses as part of an attack chain.
Cybersecurity blog Volexity claims that the hackers may have been exploiting these vulnerabilities as early as January 6th.
Who Is the Hacker?
According to Microsoft, the ‘highly skilled and sophisticated actor’ behind these breaches is a group known as Hafnium. Hafnium is an advanced persistent threat (APT) that originates from China.
Microsoft claims that Hafnium targets companies in various sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.
In this case, they likely infiltrated the server with stolen passwords or previous vulnerabilities. Then they created a ‘web shell’ to control the server remotely. Then, using U.S.-based private servers, they would siphon data from companies.
Hafnium is believed to be sponsored by the Chinese government.
While this attack is not believed to be connected to the SolarWinds hack, it might be even bigger.
How Many Are Affected?
The problem with breaches like these that involve software as popular as Microsoft’s is that the infiltration methods are often shared and spread.
According to Brian Krebs, author of Krebsonsecurity, over 30,000 organizations have been infiltrated due to the attack. Bloomberg claims it’s more than double that.
It argues that over 60,000 organizations, mostly small or medium-sized businesses, were Hafnium victims due to the Microsoft hack. And the victims are widespread, ranging from banks to electricity providers to senior homes to ice cream companies.
The number is staggering when you consider that roughly 18,000 organizations (and counting) were affected by the SolarWinds hack.
Jim McMurry, the founder of Milton Security Group Inc., told Bloomberg that this attack was “very bad.”
The hackers will likely scour many of these companies’ email archives, looking for any exploitable information.
How Can You Protect Yourself?
If you think you’re a victim of the Microsoft hack, you should immediately install the patches and reach out to security professionals, like those at Hacked, for an expert evaluation.
But even if you don’t use Microsoft Exchange Servers, there are a few steps you should always take to ensure your security.
First, make sure you create long, varied passwords, especially for sensitive accounts. Be aware of URLs, email addresses, and other general inconsistencies from ‘familiar services that may actually a phishing attempt. Enable two-factor authentication wherever you can.
And if you think you’ve been hacked, reach out to us immediately.
Featured image by Volodymyr Kyrylyuk from Shutterstock.com