fbpx
Generic selectors
Exact matches only
Search in title
Search in content
Facebook Fanpage
Twitter Feed
621 Following
860 Followers
The NLRB Revives Google’s Previous Case That Violated Its Labour Law https://t.co/lA4ZNKMKjP via @techbooky https://t.co/2y9yZhuAxS
about 1 hour ago
The Nigerian Forensic Agency Consent The FG To Use Its Prowess As A Tool https://t.co/TABp8J4R99 via @techbooky https://t.co/PD7Wwd7Acr
20 hours ago
How To Build A Top-notch On-demand Cooking Gas Delivery App In 2021 https://t.co/Ojwh75OQVk via @techbooky https://t.co/wEyVtPu9R6
23 hours ago
Android Deleted Tweet About Pixel Buds A-Series It Mistakenly Shared https://t.co/mhF22In8rO via @techbooky https://t.co/XrYQvrwPQj
yesterday
Browse By Categories

Vulnerability In Microsoft’s Email Software With Devastating Results

Share

On Mar. 5, 2021, KrebsOnSecurity broke the news that at least 30,000 organizations and hundreds of thousands globally had been hacked. The same sources who shared those figures say the victim list has grown considerably since then, with many victims compromised by multiple cybercrime groups.

What Happened?

Hackers found four separate security holes in Exchange Server that they used to siphon email communications from Internet-facing systems running Exchange. According to Microsoft officials, hackers have been using all four flaws as part of a complex attack committed by a Chinese cyber espionage group. The group has used the security vulnerabilities to plunder emails.

Hackers found four separate security holes in Exchange Server that they used to siphon email communications from Internet-facing systems running Exchange. #Exchange #Microsoft Click To Tweet

The hackers were able to use vulnerable Exchange Servers that were directly exposed to the internet through the security flaws. This allows hackers to read an organization’s email and export information to a file-sharing site. Hackers may then use this information to commit phishing or ransomware attacks. They may also use software backdoors to steal more data or perform malicious actions that further compromise the organization’s data.

The Chinese espionage group has been known to target entities in the United States, including:

  • Higher education institutions
  • Defense contractors
  • Law firms
  • Infectious disease researchers
  • Non-governmental organizations

How Microsoft Responded to the Attack

On March 2, Microsoft released emergency security updates to plug the four security holes in Exchange Server versions 2013 through 2019 from Internet-facing systems running Exchange.

Dangers of Ransomware Attacks Following the Data Breach

Ransomware is malicious software that typically infects a computer and encrypts all of the data on it so that the owner cannot access their system. There may be a message that says that the owner must immediately pay a large sum of money in order to regain access to their system. The global cost of ransomware is projected to reach $20 billion by 2021. Every 40 seconds, a business falls victim to one of these attacks.

These attacks commonly follow a data breach like the one experienced at Microsoft. In addition to stealing information from email communications, hackers may also install malicious software into the vulnerable systems. They may then demand payment before they will allow the owner to access their own system. Oftentimes, even if the victim pays, the criminal will still withhold the system or demand more money.

These attacks commonly follow a data breach like the one experienced at Microsoft. In addition to stealing information from email communications, hackers may also install malicious software into the vulnerable systems. #Exchange #Email Click To Tweet

Ways to Protect Yourself from Ransomware Attacks

Fortunately, there are several ways that you can increase your organization’s security and prevent ransomware attacks from happening, including:

Cyberattacks can change rapidly. However, hackers will often use similar processes as they gear up for an attack. For example, Emotet or Trickbot infections are often an early warning sign of an attack by Ryuk. If you spot any early warning signs, run a full compromise assessment to minimize or eliminate damage.

2.     Be Careful in the Cloud

While cloud services are becoming increasingly popular, this does not make them impenetrable.  Ensure that you have full visibility over cloud services in case attacks are targeting cloud servers.

3.     Update All Software

Software patches are often released once security vulnerabilities like those found in Microsoft’s systems are discovered. Set your systems to update automatically so that you always have the latest and most secure systems and software possible.

4.     Limit Access

Avoid giving access to sensitive business data to everyone in the organization. Segment the data so that your business is not so vulnerable.

5.     Perform Penetration Testing

Have your internet security professionals test out how secure your network is by conducting occasional penetration testing on it. Try to identify any vulnerabilities and correct them before hackers find and exploit them. Make sure that outsider users cannot remotely access your devices.

6.     Train Staff

Your staff is your first line of defense against cybersecurity attacks. Train them well on good cybersecurity practices, such as not opening links or attachments from unverified senders.

7.     Perform Regular Backups

Ransomware attacks are often successful against businesses that cannot easily recreate the data through a recent backup. Perform daily backups to thwart these attacks.

Conclusion

Microsoft’s attack is just the latest attack of its kind. It is now more important than ever to stay protected and to take all steps to defend your business. Follow the steps above to heighten your security, especially if you were one of the Microsoft attack’s victims.

 

 

BIO

David Lukić is an information privacy, security and compliance consultant at IDstrong.com. The passion to make cyber security accessible and interesting has led David to share all the knowledge he has.

Total
0
Shares
Previous Post

How Digital Platforms Are Helping The Education Sector During COVID-19

Next Post

Toyota’s Woven Planet Acquires Lyft’s Self-Driving For Millions Of Dollars

Related Posts

Subscribe Our Newsletter

Subscribe

Never miss an important Tech news again

   
HTML Snippets Powered By : XYZScripts.com