Microsoft Exchange servers are being hacked faster than one can count, report says

According to a report by cyber security firm F-Secure, only about half of the Exchange servers visible on the Internet have applied Microsoft’s patches for these vulnerabilities even after many weeks.

March 24, 2021 12:03 pm | Updated 12:03 pm IST

Microsoft Exchange servers are being hacked faster than one can count.

Microsoft Exchange servers are being hacked faster than one can count.

(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)

Microsoft released updates to secure its Exchange servers against the vulnerabilities and asked organisations to apply them to eliminate risk of cyberattack.

However, according to a report by cyber security firm F-Secure, only about half of the Exchange servers visible on the Internet have applied Microsoft’s patches for these vulnerabilities even after many weeks.

If the hacker has breached the server before, then the security patch does not guarantee safety of the server.

Cyber attackers are using this delayed or no response of the companies to target them and gain access to the servers.

“Tens of thousands of servers have been hacked around the world,” Antti Laatikainen, senior security consultant at F-Secure said. “They’re being hacked faster than we can count.”

Also Read : Microsoft says Chinese hackers are exploiting mail server vulnerabilities

The vulnerability being exploited can electronically remove all access controls, guards, and locks from the company’s main entry doors, Laatikainen explained in a blog post.

An attacker could compromise a hacked server, upload files and programs, and get inside other parts of the network. F-Secure detected activity for these vulnerabilities in tens of thousands of servers.

F-Secure warned that hundreds of data breaches could be happening right now in the background. Laatikainen expects that companies will start reporting breaches soon.

To top it, these proof-of-concepts attack scripts are made publicly available, allowing even a semi-skilled attacker to gain control of vulnerable Microsoft Exchange Server. This free-for-all attack opportunity is being exploited by threat actors.

As GDPR data protection regulation demands theft of personal data to be reported to the data protection authorities within 72 hours, F-Secure expects the number of GDPR breach reports coming in the next few weeks to be historic.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.