
Hackers wage war on Microsoft Exchange

Microsoft Exchange Server users are being targeted by hackers in a series of ransomware attacks affecting thousands of organisations worldwide.


According to Reuters, more than 20,000 organisations have been compromised in the US with many more across the globe.

The victims include the European Banking Authority which has announced that personal data may have been accessed from its servers. It had to pull its entire email system offline while it assessed the damage.

In early March, Microsoft reported a new family of human-operated ransomware attacks labelled Ransom:Win32/DoejoCrypt – also known as “DearCry” – which prevent users from being able to use their PCs or access their data until a payment is sent to hackers.

Multiple threats

The hacking campaign has been blamed on a Chinese government-backed hacking group, Hafnium. Microsoft said the group was using four new hacking techniques to infiltrate Exchange email systems.

But internet security company ESET has also identified many other threat groups and behaviour clusters benefitting from the same flaws in Microsoft Exchange. ESET believes more than 500 email servers in the UK may have been hacked, and many companies are unaware they are victims.

Companies using Exchange are advised to install the latest updates immediately. The updates can be found on the Microsoft website. If updates cannot be installed, the recommended Microsoft ‘mitigations’ should be implemented. These mitigations are temporary measures and only recommended where updating is not immediately possible.

If organisations cannot install the updates, or apply any of the mitigations, the UK National Cyber Security Centre (NCSC) recommends isolating the Exchange Server from the internet by blocking untrusted connections to the Exchange Server port 443. If secure remote access solutions are already in place (such as a VPN or VDI), configure Exchange to be available remotely only via this solution.

The NCSC also strongly advises all organisations using affected versions of Microsoft Exchange Servers to proactively search systems for evidence of any compromise in line with Microsoft’s guidance.

Gary Jowett, from Computer & Network Consultants (CNC) in Brighton, said: “CNC has already contacted all of its customers affected and applied the necessary patches. But there will be many businesses unaware of the threat because they do not have an independent IT company looking after their best interests. All organisations that use Microsoft Exchange should follow the NCSC’s guidance as a matter of urgency to avoid storing up hidden problems that could result in the loss of valuable data in the future.”


16th March 2021 | Tech News
