British Companies Compromised By Exchange Email Hacking

Hundreds of British companies have been hacked and threatened with ransom payments to recover their vital data, as part of a global campaign that Microsoft says is linked to Chinese state-sponsored hackers.

The British National Cyber Security Centre (NCSC) is warning businesses to urgently update their Microsoft email servers following a state-sponsored espionage campaign. Governments around the world are warning organisations to secure their systems.

Leading cyber security firm ESET thinks more than 500 email servers in the UK may have been hacked, and many companies are not aware they are victims of the attack. Indeed, it may well be too late, as at least 10 hacking teams are taking advantage of the resulting chaos.

The NCSC has joined US authorities in issuing warnings about the hack, but says it is still assessing the situation for UK businesses. The Norwegian national cyber security agency is actively scanning for companies at risk in the country and is warning them directly.

Zero Day Attack 

The hacking campaign was first announced by Microsoft on 2 March and blamed on a Chinese government-backed hacking group called Hafnium. Microsoft said the group was using four hacking techniques not seen before to infiltrate the email systems of US companies. The attackers targeted the popular email system Microsoft Exchange Server, used by large corporations and public bodies across the world.

Microsoft has released software updates for the so-called "zero-day" exploits and urged customers to install them to protect themselves. However, the hacking has escalated from espionage to crisis levels, with some reports estimating tens of thousands of organisations could be affected.

According to ESET, as many as 10 different hacking groups are now actively using the zero-day exploits to target companies in 115 different countries. ESET says it has detected the backdoors on 5,000 separate servers worldwide and more than 500 of them are in the UK. The companies range across financial institutions, manufacturing and retail. Researchers at FireEye have also detected multiple groups, thought to be based in China, using the exploit.

Cyber security teams are racing to find out which companies have been hacked and to remove the malicious computer code to evict the hackers.

Once a company network has been penetrated, the hackers set about planting 'webshells', pieces of computer code that can act like a backdoor into a computer network. Once installed, hackers then have easy access to the network and can either steal or spy on email messages, or use the access to launch more crippling attacks, including ransomware.

Beware A Second Wave

Another British cyber security firm, CyberGuard Technologies, reports that it is dealing with 42 separate cases where hackers have installed such backdoors and is warning of the urgent need for organisations to secure their systems. "It only takes someone to alter this approach to drop a more malicious malware package ... I think we're going to see mass ransomware attacks happen as a second wave of this," Sean Tickle of CyberGuard told reporters.

Sources: NCSC, ESET, CyberGuard Technologies, Telegraph, Sky, BBC, Reddit, Samachar Central
