Published: July 14, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
Microsoft announced that Hafnium, the state-sponsored cybercriminal group operating from China, is not the only threat actor launching attacks against flaws in its Exchange Server. In an update, Microsoft said the company “continues to see increased use of these vulnerabilities in attacks targeting unpatched systems by multiple malicious actors beyond Hafnium.”
Although the initial attacks were launched by Hafnium as the lone threat actor, finding additional bad actors exploiting the software’s vulnerabilities could become a hacking free-for-all. The results of Microsoft’s findings come down to this: more attackers equal more attacks.
A post in “Microsoft On the Issues” points to the crux of the situation from the company’s perspective “Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today’s patches is the best protection against this attack.”
According to KrebsOnSecurity, more than 30,000 organizations in the U.S. have been hacked by Hafnium, including local businesses, cities, and local governments. The hacking group is focused on stealing email from its victims, and Microsoft found there are four new security flaws in the email Exchange Server. These flaws can give hackers total control over victim systems from a remote location.
So, take the advice from Microsoft and patch systems immediately. This, as well as continually educating staff and contractors on new phishing threats, is the best way to prevent any cybersecurity attack.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org