Microsoft Exchange Server users are being targeted by hackers in a series of ransomware attacks affecting thousands of organisations worldwide.
According to Reuters, more than 20,000 organisations have been compromised in the US, with many more across the globe.
The victims include the European Banking Authority, which has announced that personal data may have been accessed from its servers. It had to pull its entire email system offline while it assessed the damage.
In early March Microsoft reported a new family of human-operated ransomware attacks labelled Ransom:Win32/DoejoCrypt – also known as “DearCry” – which prevent users from being able to use their PCs or access their data until a payment is sent to hackers.
The hacking campaign has been blamed on a Chinese government-backed hacking group, Hafnium. Microsoft said the group was using four new hacking techniques to infiltrate Exchange email systems.
But internet security company ESET has also identified many other threat groups and behaviour clusters benefitting from the same flaws in Microsoft Exchange. ESET believes more than 500 email servers in the UK may have been hacked, and many companies are unaware they are victims.
Companies using Exchange are advised to install the latest updates immediately. The updates can be found on the Microsoft website. If updates cannot be installed, the recommended Microsoft ‘mitigations’ should be implemented. These mitigations are temporary measures and only recommended where updating is not immediately possible.
If organisations cannot install the updates, or apply any of the mitigations, the UK National Cyber Security Centre (NCSC) recommends isolating the Exchange Server from the internet by blocking untrusted connections to the Exchange Server port 443. If secure remote access solutions are already in place (such as a VPN or VDI), configure Exchange to be available remotely only via this solution.
The NCSC also strongly advises all organisations using affected versions of Microsoft Exchange Servers to proactively search systems for evidence of any compromise in line with Microsoft’s guidance.
Gary Jowett, from Computer & Network Consultants (CNC) in Brighton, said: “CNC has already contacted all of its customers affected and applied the necessary patches. But there will be many businesses unaware of the threat because they do not have an independent IT company looking after their best interests. All organisations that use Microsoft Exchange should follow the NCSC’s guidance as a matter of urgency to avoid storing up hidden problems that could result in the loss of valuable data in the future.”