British Companies Compromised By Exchange Email Hacking

Uploaded on 2021-03-23 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW

Hundreds of British companies have been hacked and threatened with ransom payments to recover their vital data  as part of a global campaign that Microsoft say is linked to Chinese state-sponsored hackers

The British National Cyber Security Centre (NCSC) is warning businesses to urgently update their Microsoft email servers following a state-sponsored espionage campaign. Governments around the world are warning  organisations to secure their systems. 

Leading cyber security firm ESET  thinks there have been  more than 500 email servers in the UK that may have been hacked and many companies are not aware they are victims of the attack. Indeed, it may well be too late, as at least 10 hacking teams are taking advantage of the resulting chaos. 

The NCSC has joined US authorities in issuing warnings about the hack, but says it is still assessing the situation for UK businesses. The Norwegian national cyber security agency is actively scanning for companies at risk in the country and is  warning them directly.

Zero Day Attack 

The hacking campaign was first announced by Microsoft on 2 March and blamed on a Chinese government-backed hacking group called Hafnium. Microsoft said the group was using four hacking techniques not seen before to infiltrate the email systems of US companies. The attackers targeted the popular email system Microsoft Exchange Server, used by large corporations and public bodies across the world. 

Microsoft has released software updates for the so called "zero-day" exploits and urged customers to install them to protect themselves. However, the hacking has escalated from espionage to crisis levels, with some reports estimating tens of thousands of organisations could be affected.

According to ESET, as many as 10 different hacking groups are now actively using the zero-days exploits to target companies in 115 different countries. ESET says it has detected the backdoors on 5,000 separate servers worldwide and more than 500 of them are in the UK. The companies range across financial institutions, manufacturing and retail. Researchers at FireEye have also detected multiple groups, thought to be based in China, using the exploit. 

Cyber security teams are racing to find out which companies have been hacked and to remove the malicious computer code  to evict the  hackers.

Once a company network has been penetrated the hackers set about planting 'Webshells', pieces of computer code that can act like a backdoor into a computer network. Once installed, hackers then have easy access to the network and can either steal or spy on email messages, or use the access to launch more crippling attacks, including ransomare.

Beware A Second Wave

Another British cyber security firm CyberGuard Technologies reports that  it is dealing with 42 separate cases where hackers have installed such backdoors and is warning of the urgent need for organisations to secure their systems.  "It only takes someone to alter this approach to drop a more malicious malware package .....  I think we're going to see mass ransomware attacks happen as a second wave of this." Sean Tickle of CyberGuard told reporters. 

NCSC:     ESET:      Cyber Guard Technologies:     Telegraph:      Sky:     BBC:       

Reddit:      Samachar Central:     Image: Unsplash

You Might Also Read:

Remote Working Compromises Outbound Email:

 

« Cyber Security For US Weapons Systems Criticised
The Iran-Russia Cyber Agreement & US Strategy In The Middle East »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

A10 Networks

A10 Networks

A10 Networks is a leader in application networking, helping organizations of all sizes to accelerate, optimize and secure their applications.

LogonBox Software

LogonBox Software

LogonBox Software specialises in producing a cost-effective range of Network Security and Identity Management software solutions for all sizes of Enterprise.

A-SIT Secure Information Technology Center

A-SIT Secure Information Technology Center

A-SIT was founded in 1999 as a registered nonprofit association and is established as a competence center for IT-Security.

Vuntie

Vuntie

Vuntie blend European craftsmanship, performance and open-source technology to deliver cybersecurity services including penetration testing, incident response, training and consultancy.

Data Security Inc

Data Security Inc

Data Security, Inc. is the leading American manufacturer and supplier of hard drive degaussers, magnetic tape degaussers as well as hard drive and solid state destruction devices.

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP) is a 501(c)(3) non-profit organization dedicated to promoting cybersecurity awareness and education.

Hold Security

Hold Security

Hold Security works with companies of all sizes to provide unparalleled Threat Intelligence services that actually make a difference.

InterGuard

InterGuard

As the pioneer for Unified Insider Threat Prevention and productivity monitoring tools, InterGuard offers on premise and SaaS-based services that are easily available and affordable.

Soffid

Soffid

Soffid provides full Single-Sign-On experience and full Identity and Access Management features by policy-based centralised orchestration of user identities.

TrueFort

TrueFort

TrueFort take an application-first approach that offers comprehensive protection for real-time visibility and analysis, protection and better communication across business, IT, and security teams.

Urbane Security

Urbane Security

Urbane Security is a premier information security consultancy empowering the Fortune 500, small and medium enterprise, and high-tech startups.

Appalachia Technologies

Appalachia Technologies

Appalachia is a full service Managed Services Provider with a focus on cybersecurity, backed by the best engineers.

CyberHub

CyberHub

CyberHub is an educational platform that offers professional courses and knowledge sharing through articles and videos to help students discover their potential in cybersecurity.

Hushmesh

Hushmesh

Hushmesh is a start-up aimed at securing the world’s digital infrastructure by developing develop the Mesh, a global information space with automated security built in.

BluTinuity

BluTinuity

BluTinuity is a premier management consulting firm with a passion for information security, business continuity, incident response, disaster recovery, and HIPAA security.

Cyderes

Cyderes

Cyderes (Cyber Defense and Response) is a global, pure-play, full life-cycle cyber security services provider formed from the merger of Herjavec Group and Fishtech Group in 2022.