A sophisticated attack on Microsoft’s widely used business email software is turning into a global cyber security crisis as hackers compete to infect as many victims as possible before companies can secure their computer systems.
The attack, which Redmond, Washington-based Microsoft said was launched by a Chinese government-backed hacker group, has claimed at least 60,000 known victims worldwide, according to a former senior US official with knowledge of the investigation. Many of them appear to be businesses caught in the wide net the attackers cast as Microsoft worked to fix the flaws.
The European Banking Authority became one of the latest victims when it said on Sunday that access to personal data stored on a Microsoft server may have been compromised. Other victims listed in a blog post on Friday include banks, electricity providers, homes for the elderly and an ice cream company, according to Huntress, an Ellicott City, Maryland firm that monitors the security of its customers.
An American cybersecurity company, which asked not to be named, said its experts alone were working with at least 50 victims, trying to quickly determine what data the hackers may have taken while also trying to evict them. The rapidly escalating attack comes months after the SolarWinds breaches by suspected Russian cyberattackers, and it has alarmed US national security officials in part because the latest hackers were able to hit so many victims so quickly. Researchers say that in the final stages of the attack the intruders appear to have automated the process, scooping up tens of thousands of new victims around the world in a matter of days.
Washington is preparing its first major steps to retaliate for foreign intrusions over the next three weeks, the New York Times reported, citing unnamed officials. It envisages a series of clandestine actions across Russian networks, intended to send a message to Vladimir Putin and his intelligence services, coupled with economic sanctions. President Biden may also issue an executive order to harden federal agencies against Russian hackers, the newspaper reported. “We are undertaking a whole-of-government response to assess and address the impact,” a White House official wrote in an email on Saturday. “This is an active threat that is still developing. We urge network operators to take it very seriously.”
A Chinese hacker group that Microsoft calls Hafnium has been breaking into private and public computer networks for months through the company’s popular Exchange email software, initially targeting only a small number of victims, according to Steven Adair of Northern Virginia-based Volexity. The cybersecurity company helped Microsoft identify the flaws used by the hackers, which the software giant patched on Tuesday.
The result is the second cybersecurity crisis in months, after suspected Russian hackers broke into nine federal agencies and at least 100 companies through tampered updates from IT software maker SolarWinds. Cybersecurity experts who defend the world’s computer systems have expressed a growing sense of frustration and exhaustion.
“The good guys are tired,” said Charles Carmakal, senior vice president of FireEye in Milpitas, California.
Asked on Wednesday about Microsoft’s attribution of the attack to China, the Chinese Foreign Ministry spokesman said the country “is strongly opposed to cyberattacks and all forms of cyber theft”, and suggested that blaming a particular nation “is a very sensitive political issue.”
Both the latest incident and the SolarWinds attack show the fragility of modern networks and the skill of state-sponsored hackers at finding vulnerabilities that are difficult to detect, or even to watch for. They also illustrate a pattern in sophisticated cyberattacks: an initial burst that compromises a large number of computers, which then narrows as the attackers focus their efforts, a process that can take weeks or months to resolve.
In the case of the Microsoft flaws, simply applying the company-provided updates will not remove attackers who are already inside a network. Affected systems need to be reviewed, Carmakal said. The White House stressed the same point, including in National Security Council tweets urging the growing list of victims to carefully comb their computers for signs of the attackers. Initially, the Chinese hackers appeared to target high-value intelligence targets in the United States, Adair said. About a week ago, everything changed. Other, unknown hacker groups began hitting thousands of victims in short order, installing hidden software that could give them access later, he said.
“They went to town and started to carry out mass exploitation: attacks that endangered Exchange servers, literally all over the world, regardless of purpose or size or industry,” Adair said. “They hit any server they could.”
Adair said that other hacker groups may have found the same flaws and launched their own attacks, or that China may have wanted to capture as many victims as possible and then sort out which ones had intelligence value.
Either way, the attacks were so successful, and so fast, that the hackers appear to have found a way to automate the process. “If you are running an Exchange server, you are probably a victim,” he said.
Other security companies say the scope of the attacks may not be as severe. Researchers from Huntress examined about 3,000 vulnerable servers on its partners’ networks and found about 350 infections, or more than 10%. While the SolarWinds hackers infected organizations of all sizes, many of the latest victims are small and medium-sized organizations and local governments. The organizations most affected are those with an email server running the vulnerable software and exposed directly to the internet, a risky setup that larger organizations usually avoid.
Smaller organizations “are already struggling because of the Covid shutdowns. This exacerbates an already dire situation,” said Jim McMurray, founder of Milton Security Group in Southern California. “Working with several clients, I know it takes a lot of time to search, clean up, and ensure that they are not affected beyond the initial attack vector.”
McMurray said the issue was “very bad”, but added that the damage should be mitigated somewhat by the fact that “this was possible, it was solvable”.
Microsoft has said that customers who use its cloud-based email service are not affected. The use of automation to launch highly sophisticated attacks could mark a new, daunting era in cybersecurity, one that could drain the limited resources of defenders, some experts say.
Some of the initial infections appear to be the result of automated scanning and installation of malware, said Alex Stamos, a cybersecurity consultant. Investigators will now look for the infections in which the hackers took the next step: stealing data such as email archives and then mining them for any valuable information.
“If I were running any of these teams, I would be pulling out the emails as quickly as possible and then mining them for gold,” Stamos said.