British Companies Compromised By Exchange Email Hacking

Uploaded on 2021-03-23 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW

Hundreds of British companies have been hacked and threatened with ransom payments to recover their vital data  as part of a global campaign that Microsoft say is linked to Chinese state-sponsored hackers

The British National Cyber Security Centre (NCSC) is warning businesses to urgently update their Microsoft email servers following a state-sponsored espionage campaign. Governments around the world are warning  organisations to secure their systems. 

Leading cyber security firm ESET  thinks there have been  more than 500 email servers in the UK that may have been hacked and many companies are not aware they are victims of the attack. Indeed, it may well be too late, as at least 10 hacking teams are taking advantage of the resulting chaos. 

The NCSC has joined US authorities in issuing warnings about the hack, but says it is still assessing the situation for UK businesses. The Norwegian national cyber security agency is actively scanning for companies at risk in the country and is  warning them directly.

Zero Day Attack 

The hacking campaign was first announced by Microsoft on 2 March and blamed on a Chinese government-backed hacking group called Hafnium. Microsoft said the group was using four hacking techniques not seen before to infiltrate the email systems of US companies. The attackers targeted the popular email system Microsoft Exchange Server, used by large corporations and public bodies across the world. 

Microsoft has released software updates for the so called "zero-day" exploits and urged customers to install them to protect themselves. However, the hacking has escalated from espionage to crisis levels, with some reports estimating tens of thousands of organisations could be affected.

According to ESET, as many as 10 different hacking groups are now actively using the zero-days exploits to target companies in 115 different countries. ESET says it has detected the backdoors on 5,000 separate servers worldwide and more than 500 of them are in the UK. The companies range across financial institutions, manufacturing and retail. Researchers at FireEye have also detected multiple groups, thought to be based in China, using the exploit. 

Cyber security teams are racing to find out which companies have been hacked and to remove the malicious computer code  to evict the  hackers.

Once a company network has been penetrated the hackers set about planting 'Webshells', pieces of computer code that can act like a backdoor into a computer network. Once installed, hackers then have easy access to the network and can either steal or spy on email messages, or use the access to launch more crippling attacks, including ransomare.

Beware A Second Wave

Another British cyber security firm CyberGuard Technologies reports that  it is dealing with 42 separate cases where hackers have installed such backdoors and is warning of the urgent need for organisations to secure their systems.  "It only takes someone to alter this approach to drop a more malicious malware package .....  I think we're going to see mass ransomware attacks happen as a second wave of this." Sean Tickle of CyberGuard told reporters. 

NCSC:     ESET:      Cyber Guard Technologies:     Telegraph:      Sky:     BBC:       

Reddit:      Samachar Central:     Image: Unsplash

You Might Also Read:

Remote Working Compromises Outbound Email:

 

« Cyber Security For US Weapons Systems Criticised
The Iran-Russia Cyber Agreement & US Strategy In The Middle East »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Synology

Synology

Synology provides high-performance, reliable, and secure Network Attached Storage (NAS) products.

National Cyber Security Centre (NCSC) - United Kingdom

National Cyber Security Centre (NCSC) - United Kingdom

The NCSC acts as a bridge between industry and government, providing a unified source of advice, guidance and support on cyber security, including the management of cyber security incidents.

Qolcom

Qolcom

Qolcom is a leading UK based integrator of secure wireless network and mobile device management solutions.

Zeguro

Zeguro

Zeguro provides complete cybersecurity risk assessment, mitigation and insurance, allowing you to easily manage your cyber risk.

CryptoSec.info

CryptoSec.info

CryptoSec.info is a web resource focused on educating the beginners in the cryptocurrency space on how to properly secure their online assets from hackers and scammers.

Mendoza Ventures

Mendoza Ventures

Mendoza Ventures is a venture capital fund focusing on pre-seed Artificial Intelligence (AI), Fintech, and Cybersecurity startups.

Cyber Polygon

Cyber Polygon

Cyber Polygon is an annual online exercise which connects various global organisations to train their competencies and exchange best practices.

NexGenT

NexGenT

NexGenT have combined military-style training with decades of network engineering and cyber security experience into an immersive program to get people into cyber security fast and effectively.

Axio Global

Axio Global

Axio is a leading cyber risk management SaaS company. Our Axio360 platform gives companies visibility to their cyber risk, and enables them to prioritize investments to protect their business.

Akito

Akito

Akito was set up to become a point of reference in the ICT market for issues related to Security and in particular Cyber Security.

Krista Software

Krista Software

Krista is an intelligent automation platform that combines iPaaS and Conversational AI to automate complete business processes across your teams and apps.

Exalens

Exalens

With deep roots in AI-driven cyber-physical security research and intrusion detection, at Exalens, we are enhancing operational resilience for cyber-physical systems at the OT edge.

CV-Library

CV-Library

Start your job search with 216,931 live UK vacancies on award-winning CV-Library. Register your CV and find local jobs near you today!

MIS Solutions

MIS Solutions

MIS Solutions is a managed cloud and IT security partner making technology work for you.

VPNBlade

VPNBlade

VPNBlade is your go-to resource for expert reviews and advice on VPN services.

GrabDefence

GrabDefence

GrabDefence enables digital businesses to thrive by safeguarding their ecosystem against fraud risk, digital identity threats and compliance challenges.