Scale Of Microsoft Exchange Cyberattack ‘Rare And Disturbing’
The global cyberattack on Microsoft’s Exchange servers is on a scale rarely seen before, says Michael McKinnon, CIO of Pure Security.
McKinnon told CDN the attackers, believed to be state-backed actors in China, gave Australian companies and government agencies little time to install security patches distributed by Microsoft before they launched their attack here.
He said it’s likely most businesses running an Exchange server have been infected.
“We rarely see something on this scale and it’s rather disturbing,” he said.
“The unfortunate reality is that many organisations aren’t even aware of the situation,” McKinnon added, warning that it will have a long-term effect, not only on the private sector, but on governments as well.
“It’s a huge problem for governments and while we don’t know much at this stage, it’s something we’ll hear about soon,” he said.
Australia has around 7000 Microsoft Exchange servers, the fourth highest number in the world after the US, Germany and the UK.
McKinnon said that, based purely on the number of companies running those servers, the cost to business and governments could run into millions of dollars in time and remediation.
“There are some reports that the attacks may include stealing complete mailboxes out of the servers, while the hackers might also be establishing some sort of remote access – or worse, implanting backdoors to get even further into an organisation’s operation,” he said.
The number of businesses impacted globally is estimated to run into the hundreds of thousands, with at least another 10 cybercriminal gangs taking advantage of the vulnerabilities.
But McKinnon says none are as efficient as the state-backed actors, who appear to be a Chinese group known as Hafnium.
“They’re running automated systems to find servers and push malware into those servers,” he said. “They’re not a gang sitting by themselves in a basement.”