One week ago, Microsoft revealed that Chinese hackers were gaining access to organizations’ email accounts through vulnerabilities in its Exchange Server software.
The hack will probably stand out as one of the top cybersecurity events of the year as Exchange is still widely used worldwide. Significantly, it could lead companies to spend more on security software to prevent future hacks and to move to cloud-based email.
IT departments are working on applying the patches, which takes time, and the vulnerability is still widespread.
Microsoft’s shares had declined by 1.3% since March 1, the day before the company revealed the issues. Meanwhile, over the same period, the S&P 500 index dropped by 0.7%.
Let’s see what happened. On March 2, the company announced vulnerabilities in its Exchange Server mail and calendar software for corporate and government data centers. Microsoft released patches for 2010, 2013, 2016, and 2019 versions of Exchange.
Usually, Microsoft publishes updates on Patch Tuesday, which happens on the second Tuesday of each month. Still, the announcement about attacks on the Exchange software came on the first Tuesday, highlighting its significance.
The company also took the unusual step of issuing a patch for the 2010 edition, even though support for it ended in October. According to security blogger Brian Krebs, that indicates the vulnerabilities the attackers exploited have been in the Microsoft Exchange Server code base for over ten years.
He added that hackers had initially pursued specific targets, but in February, they started going after more servers with vulnerable software that they could spot.
According to the company, the main group exploiting vulnerabilities is a nation-state group based in China. Notably, attacks on the Exchange software began in early January, which Microsoft gave credit for identifying some of the issues.
According to Microsoft’s corporate vice president, Tom Burt, the group has aimed to gain information from defense contractors, schools, and other entities in the U.S. Victims include U.S. retailers. The European Banking Authority announced it had been hit.
Media outlets have announced different estimates on the number of victims of the attacks. The Wall Street Journal, citing an unnamed person, reported there could be 250,000 or more.
The company is encouraging users to install the security patches it delivered last week. It has also published information to help customers figure out if their networks had been hit.
According to a Microsoft spokesperson, the firm works closely with CISA, other government agencies, and security companies to ensure they provide the best possible guidance and mitigation for users.