British Companies Compromised By Exchange Email Hacking

Hundreds of British companies have been hacked and threatened with ransom payments to recover their vital data as part of a global campaign that Microsoft says is linked to Chinese state-sponsored hackers.

The British National Cyber Security Centre (NCSC) is warning businesses to urgently update their Microsoft email servers following a state-sponsored espionage campaign. Governments around the world are warning organisations to secure their systems.

Leading cyber security firm ESET thinks more than 500 email servers in the UK may have been hacked, and many companies are not aware they are victims of the attack. Indeed, it may well be too late, as at least 10 hacking teams are taking advantage of the resulting chaos.

The NCSC has joined US authorities in issuing warnings about the hack, but says it is still assessing the situation for UK businesses. The Norwegian national cyber security agency is actively scanning for companies at risk in the country and is warning them directly.

Zero Day Attack 

The hacking campaign was first announced by Microsoft on 2 March and blamed on a Chinese government-backed hacking group called Hafnium. Microsoft said the group was using four hacking techniques not seen before to infiltrate the email systems of US companies. The attackers targeted the popular email system Microsoft Exchange Server, used by large corporations and public bodies across the world. 

Microsoft has released software updates for the so-called "zero-day" exploits and urged customers to install them to protect themselves. However, the hacking has escalated from espionage to crisis levels, with some reports estimating tens of thousands of organisations could be affected.

According to ESET, as many as 10 different hacking groups are now actively using the zero-day exploits to target companies in 115 different countries. ESET says it has detected the backdoors on 5,000 separate servers worldwide and more than 500 of them are in the UK. The companies range across financial institutions, manufacturing and retail. Researchers at FireEye have also detected multiple groups, thought to be based in China, using the exploit.

Cyber security teams are racing to find out which companies have been hacked and to remove the malicious computer code to evict the hackers.

Once a company network has been penetrated, the hackers set about planting 'webshells', pieces of computer code that can act like a backdoor into a computer network. Once installed, hackers then have easy access to the network and can either steal or spy on email messages, or use the access to launch more crippling attacks, including ransomware.

Beware A Second Wave

Another British cyber security firm, CyberGuard Technologies, reports that it is dealing with 42 separate cases where hackers have installed such backdoors and is warning of the urgent need for organisations to secure their systems. "It only takes someone to alter this approach to drop a more malicious malware package ... I think we're going to see mass ransomware attacks happen as a second wave of this," Sean Tickle of CyberGuard told reporters.

Sources: NCSC, ESET, CyberGuard Technologies, Telegraph, Sky, BBC, Reddit, Samachar Central

Image: Unsplash
