What’s going on?In case you’ve missed the news – hundreds of thousands of Microsoft Exchange Server systems worldwide are thought to have been compromised by hackers, who exploited zero-day vulnerabilities to steal emails.
Victims have included the European Banking Authority.
The attacks began seemingly specifically targeting organisations, but has now broadened and escalated dramatically.
As a consequence, there is a good chance that many small business, corporate, and government victims of the attack are currently unaware that they have fallen victim.
What’s a zero-day vulnerability?“Zero-day” means that the people responsible for patching the vulnerability had zero days to do it before the flaw was exposed or exploited by malicious hackers.
In short, an official security patch has not been released – and malicious hackers may have already taken advantage of the flaw.
My business uses Microsoft Exchange – are we at risk? How do we patch?The first thing to ask yourself is which flavour of Microsoft Exchange your company uses.
The vulnerabilities reside in the on-premises editions of Microsoft Exchange Server. It is not present in the cloud-based Exchange Online or Microsoft 365 (formerly O365) email services.
Who is behind the attacks?In a blog post, Microsoft said that it believed a Chinese state-sponsored hacking group called “Hafnium” were behind the attacks.
China has denied any involvement.
However, the release of the security patches and the tardiness of some organisations to defend themselves has almost inevitably encouraged other hackers to also target vulnerable systems.
The US Cybersecurity and Infrastructure Security Agency (CISA) microsoft exchange server
