EXECUTIVE SUMMARY:
A nation-state backed group, dubbed Hafnium, is allegedly behind the initial Microsoft Exchange Server hack. Experts report that after mentions of the attack made their way through the media, additional cyber criminals tried to get in on the action. In turn, this is leading to more issues.
At least five known groups are capitalizing on the incident. Threat intelligence analysts report that hackers are leveraging the exploits to run cryptominers or to launch ransomware on exposed Microsoft Exchange Servers. Cyber security vendors are currently working on proof-of-concept exploits in order to develop software to help defend customers.
Yesterday, Cyber Talk reported that their may be as many as 60,000 victims. Overnight, estimates regarding the number of victims worldwide have ballooned to 250,000. While the exact motives behind the attack remain unknown, intelligence gathering and the collection of industrial secrets are strongly suspected.
Early observations on the impact
In Washington D.C., one individual reports that Microsoft exchange hack led to the compromise of his/her email. This resulted in the unauthorized sending of messages to email contacts.
Beyond simple email exploits, hackers could potentially use this attack to permanently install malware onto systems. They could gain access to files, credentials, photographs and more.
Web access granted, what now?
In the US, President Biden’s administration intends to create a task force to address the hack. The task force would include representatives from the National Security Council, FBI, CISA and other groups. “We are undertaking a whole government response to assess and address the impact,” stated a White House representative.
Microsoft released patches for the vulnerabilities. Old and unsupported versions have patch options too. Both private and public organizations encourage everyone to patch, if possible. Nonetheless, while the patches will block the vulnerabilities, the patches will not close any backdoors left by the hackers.
A major concern is that larger organizations will have the resources to explore whether or not systems were breached, while smaller organizations will not. “The types of victims we have seen are quite diverse, many of whom outsource technical support to local IT providers whose expertise is in deploying and managing IT systems, not responding to cyber threats,” says security analyst Matthew Meltzer.
In addition, patching is a relatively slow process for some organizations. According to one research firm, public scans indicate that roughly 10,000 Microsoft Exchange Servers still require patching.
What to expect?
Organizations that run Microsoft Exchange Servers should take this threat seriously. Cyber security experts warn that criminals will try to reverse engineer their exploits. As a result, the situation won’t slow down. It’s likely to worsen. Affected Microsoft Exchange customers are encouraged to contact support teams as necessary.
The attacks targeting Microsoft have not affected the company’s stock price. Microsoft is still considered a “Buy”, according to Goldman and Morgan Stanley.
For more on what we know about the attack affecting Microsoft Exchange, visit CNN.
