Four recently disclosed Microsoft vulnerabilities have apparently been exploited across the board. The tech magazine “Wired” reported on Saturday that tens of thousands of corporate, government and educational e-mail servers were hacked in the United States.
There are also first victims in Switzerland. The National Center for Cybersecurity (NCSC), for example, has “received initial reports of successful attacks in Switzerland.” The Swiss cyber defense agency did not provide any further details.
A security update has been available for the vulnerabilities since last Wednesday. However, experience has shown that it takes a while until updates are installed by all the companies concerned. A so-called patch, i.e. the correction of the error, can at times make a critical gap even more dangerous: if attackers know that a gap may soon be closed, they often intensify their efforts in order to access as much data as possible.
Financial supervisor among the victims
That seems to have happened in this case. On February 26, the attackers apparently began to automatically build back doors into vulnerable Microsoft Exchange servers, attacking thousands of servers an hour. The update from Microsoft only came on March 3rd. Exchange is used as an email platform by many companies, government agencies and educational institutions.
According to the security company Huntress, banks, energy service providers, old people’s homes and an ice cream manufacturer are among the victims that have become known in the USA. Huntress analyzed the attacks. The European Banking Authority (EBA) also announced on Sunday that unauthorized persons may have had access to e-mails.
Espionage in Switzerland?
“Chinese state-sponsored hackers are suspected to be behind the attack. The goal is presumably espionage,” says Reto Häni, partner and IT security expert at the management consultancy Deloitte. Microsoft itself suspects the Chinese hacker group called Hafnium to be behind the attack. “The targets should be primarily in the USA, but I do not rule out that the security gap is also used to spy on Swiss companies,” says Deloitte expert Häni.
The vulnerability is there – because in Switzerland too, “a lot of companies still operate their mail services locally on their own mail servers,” he adds. This is why the federal cybersecurity agency speaks of a “threat that must be taken very seriously”.
The NCSC and Deloitte advise in unison to apply the security update as soon as possible. Until that happens, companies should “check whether they can block web browser access by then. This is one of the attackers’ gateways,” says the expert Häni.