Why Microsoft Exchange is in the storm for the attack on the EBA

Cyberattack on the European Banking Authority (EBA): Microsoft Exchange Server affected. Here is what data may have been stolen

The European Banking Authority (EBA) has been the target of a cyber attack on its Microsoft Exchange servers, an attack that is affecting many organizations around the world. The news was announced last night.

The EBA indicated that, "the vulnerability being related to the Authority's e-mail servers, access to personal data through e-mail messages stored on these servers could be in the hands of the attacker". As a precautionary measure, the EBA has decided to take its email systems offline.

As mentioned, the European authority is not the only institution under attack. A group of hackers has attacked at least 30,000 businesses, cities and local governments in the United States in recent days. Attackers exploited vulnerabilities in Microsoft Exchange Server email software. This was reported by the KrebsOnSecurity website, which specializes in cybercrime.

The Microsoft Threat Intelligence Center (MSTIC) attributed the attacks to Hafnium, most likely a group backed by China. A Chinese government spokesman told Reuters news agency that Beijing is not behind the attack.

News of the breach prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to issue an emergency directive.

The cyber attack follows, and surpasses, the massive SolarWinds cyber attack carried out through the Orion platform.

All the details.

THE IT ATTACK THAT HIT THE MICROSOFT EXCHANGE SERVER

The EBA took all email systems offline after the cyber attack on its Microsoft Exchange servers.

DATA AT RISK

According to the authority, the attackers may have obtained access to personal data through e-mails stored on MS Exchange servers. The EBA is currently trying to identify what data, if any, has been accessed.

THE REACTION OF THE EBA

“The Authority has launched a full investigation, in close cooperation with its ICT provider, a team of forensic experts and other relevant entities,” the EBA said.

“The EBA will provide information on measures that stakeholders could take to mitigate possible negative effects. As a precautionary measure, the EBA has decided to take its e-mail systems offline.”

WHAT MICROSOFT HAS DONE

Microsoft released emergency security patches last week. These closed the four security holes affecting Exchange Server versions 2013 through 2019.

Microsoft urged Exchange customers to apply patches immediately because "criminal groups will move quickly to take advantage of any unpatched systems."

THE DURATION OF THE CYBER ATTACK

However, according to KrebsOnSecurity, the attack had been under way from January 6 through the end of February. Microsoft released its patches on March 2, meaning the attackers had nearly two months to complete their operations.

In an update on the situation, Microsoft says: “In the attacks observed, the actor used these vulnerabilities to access local Exchange servers that enabled access to email accounts and allowed the installation of additional malware to facilitate long-term access.”

THE AGGRESSOR ACCORDING TO THE COLOSSUS OF REDMOND

Microsoft attributed the attack to Hafnium, a state-sponsored hacker group operating from China.

THE CISA DIRECTIVE

Over the weekend, the US CISA warned it was "aware of the widespread national and international exploitation" of Microsoft Exchange Server vulnerabilities. The agency therefore urged organizations to scan their Exchange Server logs with Microsoft's IOC Detection Tool to determine whether they have been compromised.


This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/perche-microsoft-exchange-e-nella-bufera-per-lattacco-eba/ on Mon, 08 Mar 2021 15:12:20 +0000.