In the wake of numerous hacking attempts on its business email servers around the world, Microsoft has reiterated its warning that patching a device does not always mean the attacker is no longer able to access it.
The core weaknesses in Microsoft’s business email servers have perplexed cyber security experts, as this “free-for-all” attack opportunity is now being exploited by a large number of criminal gangs, state-backed threat actors, and opportunistic “script kiddies,” according to researchers at F-Secure.
Despite the fact that several on-premises Microsoft Exchange servers have been patched, a new investigation has found that many attackers remain active on networks that had already been compromised before the patches were applied.
According to the Microsoft 365 Defender Threat Intelligence Team, many of the compromised systems have not yet been subjected to a secondary operation, such as “human-operated ransomware attacks or data exfiltration,” meaning that attackers might be developing and retaining access for possible future actions.
“These activities could include conducting follow-on attacks via persistence on Exchange servers they’ve already compromised, or using credentials and data stolen during these attacks to compromise networks via other entry vectors,” according to the latest update from the tech giant.
Acer, a Taiwanese electronics and device manufacturer, has already been the target of a ransomware attack, with hackers requesting $50 million, the highest reported ransom to date.
According to Bleeping Computer, hackers gained access to Acer documents such as financial spreadsheets, bank balances, and bank messages by exploiting a Microsoft Exchange server vulnerability and breaching the company’s network.
According to previous studies, five separate hacker groups (including a China-backed hacking group known as ‘Hafnium’) are exploiting vulnerabilities in Microsoft’s business email servers.
As per Microsoft, attackers who used the exploit in their toolkits took advantage of their window of opportunity by altering public proof-of-concept exploits or conducting their own analysis.
Italy, Germany, France, the United Kingdom, the United States, Belgium, Kuwait, Sweden, the Netherlands, and Taiwan, according to the F-Secure survey, are currently seeing the most detections.