(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
Microsoft released updates to secure its Exchange servers against the vulnerabilities and asked organisations to apply them to eliminate risk of cyberattack.
However, according to a report by cyber security firm F-Secure, only about half of the Exchange servers visible on the Internet have applied Microsoft’s patches for these vulnerabilities even after many weeks.
ADVERTISEMENT
If the hacker has breached the server before, then the security patch does not guarantee safety of the server.
Cyber attackers are using this delayed or no response of the companies to target them and gain access to the servers.
“Tens of thousands of servers have been hacked around the world,” Antti Laatikainen, senior security consultant at F-Secure said. “They’re being hacked faster than we can count.”
ADVERTISEMENT
Also Read : Microsoft says Chinese hackers are exploiting mail server vulnerabilities
The vulnerability being exploited can electronically remove all access controls, guards, and locks from the company’s main entry doors, Laatikainen explained in a blog post.
An attacker could compromise a hacked server, upload files and programs, and get inside other parts of the network. F-Secure detected activity for these vulnerabilities in tens of thousands of servers.
F-Secure warned that hundreds of data breaches could be happening right now in the background. Laatikainen expects that companies will start reporting breaches soon.
To top it, these proof-of-concepts attack scripts are made publicly available, allowing even a semi-skilled attacker to gain control of vulnerable Microsoft Exchange Server. This free-for-all attack opportunity is being exploited by threat actors.
As GDPR data protection regulation demands theft of personal data to be reported to the data protection authorities within 72 hours, F-Secure expects the number of GDPR breach reports coming in the next few weeks to be historic.