Massive Exchange Attack

TenFour · 6 Mar 2021, 07:19 PM

If you are using Microsoft Exchange on a local server patch now! https://krebsonsecurity.com/2021/03/...re/#more-54608

EricG · 7 Mar 2021, 02:52 PM

First detected Jan 6, fixes from MS Mar 2. That's pretty slow.
Google news shows tech sites reporting on Mar 2/3, Krebs Mar 5 and MSM Mar 6.

The wake up call we need if it's actually China's state hackers. We can't have our tech industry dependent on China.

TenFour · 7 Mar 2021, 06:57 PM

MS is trying to force everyone into the cloud with monthly subscriptions, whether they like it or not. I suspect they've reduced staff and support for most on-site software systems, so in some ways an attack like this is actually somewhat helpful to them. Personally, I do think the cloud is the way to go for most businesses, and something like this is one reason why. I used to work at a small nonprofit that had an Exchange server on premises and it was nothing but trouble. Bigger companies might be able to hire the fulltime staff to handle on premises server management, but they won't have teams of thousands all over the world working 24/7 like MS does.

digp · 7 Mar 2021, 07:20 PM

It's a must that email is encrypted at rest and 2fa is mandatory, I appreciate if it is a bug/hack they might be able to bypass 2fa (?) but encrypted at rest they should not be able to should they.

TenFour · 7 Mar 2021, 07:30 PM

Here's a Microsoft blog post with more of the technical details: https://www.microsoft.com/security/b...hange-servers/

TenFour · 8 Mar 2021, 10:21 PM

Another article with more information: https://www.zdnet.com/article/everyt...e-server-hack/

janusz · 9 Mar 2021, 12:44 AM

Victims include The European Banking Authority

Quote:

The European Banking Authority's email servers have been compromised in a global Microsoft Exchange cyber-attack.

The EU body said personal data may have been accessed from its servers. And it had pulled its entire email system offline while it assessed the damage. "The EBA is working to identify what, if any, data was accessed," it said.

Microsoft believes a Chinese state-sponsored attacker called Hafnium is behind the hack. But China denies any involvement.

https://www.bbc.com/news/technology-56321567

6 Mar 2021, 07:19 PM	#1
TenFour Master of the @ Join Date: Feb 2017 Location: USA Posts: 1,723	Massive Exchange Attack If you are using Microsoft Exchange on a local server patch now! https://krebsonsecurity.com/2021/03/...re/#more-54608

7 Mar 2021, 02:52 PM	#2
EricG Essential Contributor Join Date: Aug 2009 Location: Canada Posts: 296	First detected Jan 6, fixes from MS Mar 2. That's pretty slow. Google news shows tech sites reporting on Mar 2/3, Krebs Mar 5 and MSM Mar 6. The wake up call we need if it's actually China's state hackers. We can't have our tech industry dependent on China.

7 Mar 2021, 06:57 PM	#3
TenFour Master of the @ Join Date: Feb 2017 Location: USA Posts: 1,723	MS is trying to force everyone into the cloud with monthly subscriptions, whether they like it or not. I suspect they've reduced staff and support for most on-site software systems, so in some ways an attack like this is actually somewhat helpful to them. Personally, I do think the cloud is the way to go for most businesses, and something like this is one reason why. I used to work at a small nonprofit that had an Exchange server on premises and it was nothing but trouble. Bigger companies might be able to hire the fulltime staff to handle on premises server management, but they won't have teams of thousands all over the world working 24/7 like MS does.

7 Mar 2021, 07:20 PM	#4
digp Master of the @ Join Date: May 2003 Posts: 1,320	It's a must that email is encrypted at rest and 2fa is mandatory, I appreciate if it is a bug/hack they might be able to bypass 2fa (?) but encrypted at rest they should not be able to should they.

7 Mar 2021, 07:30 PM	#5
TenFour Master of the @ Join Date: Feb 2017 Location: USA Posts: 1,723	Here's a Microsoft blog post with more of the technical details: https://www.microsoft.com/security/b...hange-servers/

8 Mar 2021, 10:21 PM	#6
TenFour Master of the @ Join Date: Feb 2017 Location: USA Posts: 1,723	Another article with more information: https://www.zdnet.com/article/everyt...e-server-hack/