Edward Gately | Channelfutures.com
Microsoft had almost two months to push out the patch it shipped on Mar. 2
There are now at least 60,000 known victims globally of the massive cyberattack on Microsoft’s on-premises Exchange business email software.
That’s according to the latest Bloomberg report. The Microsoft cyberattack allowed access to email accounts and installation of malware to increase hackers’ dwell time inside a system.
Microsoft attributes the attack to HAFNIUM, a group considered to be state-sponsored and operating out of China.
In addition, malicious hackers compromised the European Banking Authority’s email servers in the attack.
Saryu Nayyar is CEO of Gurucul.
“With organizations migrating to Microsoft Office 365 en masse over the last few years, it’s easy to forget that on-premises Exchange servers are still in service,” she said. “Some organizations, notably in government, can’t migrate their applications to the cloud due to policy or regulation, which means we will see on-premises servers for some time to come.”
These zero-day vulnerabilities were first detected as early as Feb. 27. That’s according to the team at Huntress, which was first to report it via an MSP partner. The team is seeing organizations of all shapes and sizes affected.
According to Krebs on Security, Microsoft had almost two months to push out the patch it shipped on Mar. 2, or else help Exchange customers mitigate the threat from this flaw before attackers “started exploiting it indiscriminately.”
External Link: Microsoft Cyberattack Continues Growing in Severity, Victims Racking Up