Published on March 10th, 2021 📆 | 3616 Views ⚑
0Australian corporations hit by massive Microsoft Server hack
Australia's cyber security watchdog has urgently warned Aussie corporations using Microsoft Exchange products to urgently patch their software after it was compromised by hackers.
Microsoft Exchange Server holds millions of corporate emails, calendars and rostering products and if hacked entire email inboxes could be wiped as well as stolen.
The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) today confirmed Australian organisations – thought to be over 7000 servers locally - had been affected by the hack.
Ladislav Zezula, Malware Analyst at antivirus provider Avast, said the hack could be potentially very damaging for corporations.
"There is a vulnerability in Microsoft Exchange email and calendar server causing potential threat for businesses using the solution," Mr Zezula said.
"When exploited by cyberattackers, this vulnerability can lead to wiping the computer, installation of ransomware or backdoors, stealing all email addresses and messages as well as spreading to the entire company's network."
Mr Zezula explained that this was not an attack on individuals but rather large corporations and public institutions.
"Running the malicious code under the SYSTEM account, the attacker can completely take over the computer," Mr Zezula said.
"Possible collateral moves are wiping the machine, installation of ransomware, installation of backdoors, stealing all e-mail addresses and e-mail messages."
He explains that hackers could leave no trace of their involvement, but instead install "back doors" which would allow them to enter remotely at any time.
"Because an Exchange Server is often the heart of the e-mail communication in a company, this would effectively cripple the company's communication, as well as reveal their internal intellectual properties," Mr Zezula said.
"Furthermore, the attackers can actually move laterally through the network.
"This could lead to all kinds of attacks, such as a full ransomware attack against all computers in the network and massive data leaks."
Gloss