The U.S. Department of Homeland Security issued an emergency directive on March 3rd in response to recent cyberattacks that it deemed an unacceptable risk to federal agencies.
What We Know:
- Exchange Server is an enterprise-class collaboration product that primarily focuses on sending, receiving, and storing e-mail messages. Microsoft urges customers to update Exchange Server to patch vulnerabilities that were most recently exploited by a hacker group called Hafnium. The vulnerabilities in question were first discovered in early January by researchers at a cybersecurity firm called Volexity Inc. Hafnium is suspected of having backing from the Chinese government.
- Last year, two groups of hackers exploited a flaw in software designed by SolarWinds Corp. Federal officials claim the suspected groups had Russian and Chinese origins. Together the two groups impacted at least nine U.S. agencies and 100 companies, including Microsoft. The SolarWinds breach was also labeled a national security emergency by U.S. lawmakers. A spokesperson for the Chinese Foreign Ministry, Wang Wenbin, asserts that they “hope that relevant media and company will adopt a professional and responsible attitude and underscore the importance of having enough evidence when identifying cyber-related incidents, rather than make groundless accusation.”
- The goal of Hafnium was to steal information from U.S. targets such as universities, defense contractors, law firms, and infectious-disease researchers. The attacks give Hafnium access to user e-mail accounts and allow it to install malware on devices. Although Microsoft responded promptly by releasing a patch, there is still concern over whether users will be able to install the update correctly. Satnam Narang, a staff research engineer at cybersecurity company Tenable Inc., describes the problem as severe, pointing out that Microsoft chose to patch it immediately rather than wait for a later regular update.
- According to research by cybersecurity firm Huntress, 400 of 2,000 Exchange servers were found to be vulnerable. John Hammond, a senior security researcher at Huntress, warns that these attacks may well spread if proper action is not taken. Once attackers have gained access, they can install a web shell that allows them to control the server remotely.
There is no clear timeline for when these attacks will stop, but if the matter is not treated seriously, the hackers will surely continue.