“Hack everybody you can”: What to know about the massive Microsoft Exchange breach

“Hack everybody you can”: What to know about the massive Microsoft Exchange breach

  • Cybersecurity responders are working around the clock to shore up networks hit by last week’s hack of Microsoft’s Exchange email service — an attack that has impacted hundreds of thousands of organizations worldwide.
  • The window for updating systems could be measured in “hours, not days,” a senior White House administration official said.
  • According to Microsoft corporate vice president Tom Burt, hackers first gained access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities used to “disguise itself as someone who should have access.” Using web shells, hackers controlled servers through remote access – operated from U.S.-based private servers – to steal data from a victim’s network.
  • Experts say it’s common for hackers to step up an attack immediately preceding a fix, but that the pace was much faster in this case. “Once a patch is imminent, [hackers] may turn to wider exploitation because there’s this ‘use it or lose’ it factor,” said Ben Read, the director of threat analysis at the cybersecurity company Mandiant.
  • Microsoft said Friday it is investigating whether attackers were tipped off that a patch was imminent.
  • The list of victims worldwide continues to grow to include schools, hospitals, cities and pharmacies.Cybersecurity firm CyberEye identified “an array of affected victims including U.S.-based retailers, local governments, a university, and an engineering firm.”
  • The latest attack is not connected to last year’s SolarWinds breach, though the timing of two massive, consecutive cyber hacks has strained the ability to respond.

– Nicole Sganga | March 14, 2021