British Companies Compromised By Exchange Email Hacking

Hundreds of British companies have been hacked and threatened with ransom demands to recover their vital data, as part of a global campaign that Microsoft says is linked to Chinese state-sponsored hackers.

The British National Cyber Security Centre (NCSC) is warning businesses to urgently update their Microsoft email servers following a state-sponsored espionage campaign. Governments around the world are warning organisations to secure their systems.

Leading cyber security firm ESET estimates that more than 500 email servers in the UK may have been hacked, and that many of the affected companies are not yet aware they are victims. For some it may already be too late, as at least 10 hacking teams are taking advantage of the resulting chaos.

The NCSC has joined US authorities in issuing warnings about the hack, but says it is still assessing the situation for UK businesses. The Norwegian national cyber security agency is actively scanning for companies at risk in the country and is warning them directly.

Zero Day Attack 

The hacking campaign was first announced by Microsoft on 2 March and blamed on a Chinese government-backed hacking group called Hafnium. Microsoft said the group was using four previously unseen hacking techniques to infiltrate the email systems of US companies. The attackers targeted the popular email system Microsoft Exchange Server, used by large corporations and public bodies across the world.

Microsoft has released software updates for the so-called "zero-day" exploits and urged customers to install them to protect themselves. However, the hacking has escalated from espionage to crisis levels, with some reports estimating that tens of thousands of organisations could be affected.

According to ESET, as many as 10 different hacking groups are now actively using the zero-day exploits to target companies in 115 different countries. ESET says it has detected the backdoors on 5,000 separate servers worldwide, more than 500 of them in the UK. The affected companies range across financial institutions, manufacturing and retail. Researchers at FireEye have also detected multiple groups, thought to be based in China, using the exploit.

Cyber security teams are racing to find out which companies have been hacked and to remove the malicious computer code in order to evict the hackers.

Once a company network has been penetrated, the hackers set about planting "webshells", pieces of computer code that act as a backdoor into the network. Once installed, a webshell gives the hackers easy, persistent access: they can steal or spy on email messages, or use the foothold to launch more crippling attacks, including ransomware.

Beware A Second Wave

Another British cyber security firm, CyberGuard Technologies, reports that it is dealing with 42 separate cases where hackers have installed such backdoors, and is warning of the urgent need for organisations to secure their systems. "It only takes someone to alter this approach to drop a more malicious malware package ... I think we're going to see mass ransomware attacks happen as a second wave of this," Sean Tickle of CyberGuard told reporters.

Sources: NCSC, ESET, CyberGuard Technologies, Telegraph, Sky, BBC, Reddit, Samachar Central. Image: Unsplash.
