[ad_1]
A week after Microsoft announced that its widely used email server program had been hacked, experts are not encouraged by what they have found.
“In short, it got really complicated,” said Katie Nickels, chief intelligence officer for cybersecurity firm Red Canary. “We see no sign of this slowdown.”
The cybersecurity community sprang into action after Microsoft first announced a series of vulnerabilities that allowed hackers to break into the company’s Exchange email and calendar programs. China has used it to spy on a wide range of industries in the United States, from medical research to law firms to defense contractors, the company said. China has denied any responsibility.
But it didn’t stop there. Microsoft’s announcement complicated matters, with efforts to correct the flaws appearing to have prompted more hackers to exploit organizations that have yet to update the software.
Nickels said she saw indications that five different hacker groups, whose identities are unknown, were now exploiting her.
The list of victims is growing, said Ben Read, director of threat analysis at cybersecurity firm Mandiant.
“It’s big,” he said. “We are over 40 incidents that we respond to, just the current clients that we have. We are over 500 probable victims based on confirmation from probable sources. “
Although there is no official and public list of victims, the full tally is “certainly in the tens of thousands,” Read said. “There are certainly a lot of small and medium-sized entities. This is the Exchange clientele. “
A White House National Security Council spokesperson said in an emailed statement that the Biden administration is “undertaking a whole-of-government response to assess and address the impact.”
“It is an active threat that is still growing,” the spokesperson said.
Although no government agency has been affected so far, the United States Cybersecurity and Infrastructure Security Agency, the country’s main cybersecurity agency, on Wednesday exercised its emergency powers to force government agencies to shut down. update to the latest version of Exchange.
In an unusually candid message, the agency tweeted Monday night that “CISA urges ALL organizations in ALL industries to follow the advice to combat widespread domestic and international exploitation of vulnerabilities in Microsoft Exchange Server products.”
The hacking started quietly, like a more surgical operation. Initially, the only hackers operating Exchange were those Microsoft identified as Chinese spies around the start of the year, researchers said.
Towards the end of January, cybersecurity firm Volexity noticed hackers spying on two of its customers and alerted Microsoft so it could start working on a fix in its next Exchange software update.
“They were using it explicitly to steal emails,” Volexity president Steven Adair said on a phone call. “It was under the radar.”
Adair said that after telling Microsoft he noticed a change in the activity of hackers – they seemed to realize a fix was coming, so they went from stealthily reading emails to attempting to create bases to stay in the networks of their victims, which made them much more visible to cybersecurity advocates.
“You don’t care if they’re loud, because you’re trying to beat a patch,” he said of the hacker hub. “You’ve found your priority targets, you’ve stolen emails and now you want to move on. You might want to build an infrastructure to launch future attacks. “
Nickels, of Red Canary, said hackers began to frantically exploit vulnerabilities in Exchange towards the end of February, and it has escalated since then.
“We continued to see the exploitation of these vulnerabilities over the weekend,” she said. “Any organization with an Exchange server should take it very seriously.”
[ad_2]
Source link