According to Microsoft

In the face of multiple hacking attempts on its corporate mail servers around the world, Microsoft has reiterated the warning that patching a system does not necessarily remove attacker access.

The main vulnerabilities of Microsoft’s corporate email servers have left cybersecurity experts in awe as this free attack opportunity is now being exploited by a large number of criminal gangs, state-backed threat actors and ” opportunistic script kiddies, ”researchers at F -Secure said last week.

Although many on-premises Microsoft Exchange servers have been patched, a new investigation has revealed that several threats are still lurking on already compromised systems.

According to the Microsoft 365 Defender Threat Intelligence team, many compromised systems have yet to receive secondary action, “such as human-made ransomware attacks or data exfiltration, indicating that the attackers could establish and retain their access for possible future actions. “

“These actions may involve performing follow-up attacks through persistence on Exchange servers that they have already compromised, or using credentials and data stolen during these attacks to compromise networks through persistence. ‘other vectors of entry,’ the tech giant said in its latest update.

Taiwanese electronics and computer maker Acer has already been hit by a ransomware attack in which hackers demand $ 50 million, the largest known ransom to date.

According to Bleeping Computer, hackers accessed Acer documents that include financial spreadsheets, bank balances and bank communications, compromising its network through a Microsoft Exchange server vulnerability.

Previous reports have claimed that five different hacking groups (including the China-backed hacking group called “Hafnium”) are exploiting vulnerabilities in Microsoft’s corporate email servers.

According to Microsoft, attackers who included the exploit in their toolkits, whether by modifying public proof of concept exploits or their own research, took advantage of their window of opportunity to gain access to as many systems as possible. .

“Some attackers were advanced enough to remove other attackers from systems and use multiple persistence points to maintain access to a network,” the company noted.

Microsoft has stated that it is important to note that with “certain post-compromise techniques, attackers can gain highly privileged persistent access, but most of the subsequent impacting attacker activity can be mitigated by applying the principle of the least. privilege and attenuating lateral movements “.

According to the F-Secure report, the countries currently registering the most detections (in descending order) are Italy, Germany, France, United Kingdom, United States, Belgium, Kuwait, Sweden, the Netherlands and Taiwan.


na / dpb

(Only the title and image of this report may have been reworked by Business Standard staff; the rest of the content is automatically generated from a syndicated feed.)

Dear reader,

Business Standard has always strived to provide up-to-date information and commentary on developments that are of interest to you and which have broader political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering has only strengthened our resolve and commitment to these ideals. Even in these difficult times stemming from Covid-19, we continue to remain committed to keeping you informed and up to date with credible news, authoritative opinions and cutting-edge commentary on relevant current issues.
However, we have a demand.

As we fight the economic impact of the pandemic, we need your support even more so that we can continue to provide you with higher quality content. Our subscription model has received an encouraging response from many of you who have subscribed to our online content. More subscribing to our online content can only help us achieve the goals of providing you with even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practice the journalism we are committed to.

Support quality journalism and subscribe to Business Standard.

Digital editor