Microsoft Exchange: Hacked email boxes
Even today, we continue to talk about server security vulnerabilities that affect Microsoft Exchange.
These are significant vulnerabilities that in some ways shake the professional world as well as the IT world in general. The 4 vulnerabilities, known as ProxyLogon, have facilitated several targeted computer attacks, in this case spear phishing or the deployment of ransomware. The deployment of security patches by the Redmond firm was not enough to slow down the wave of cybercrime, which is making the most of the discovery of these security flaws. Today, thousands of organizations are vulnerable, whether businesses or local authorities.
Recently, for example, another security flaw has been uncovered that offers the ability to remotely take control of Microsoft Exchange email servers. Apparently hackers have already taken advantage of it to hack into mailboxes.
"Few targets with vulnerable servers have been able to avoid the first automated cyberattacks that have plagued the first for weeks. If that's the case, they have to play Lotto," notes WatchGuard's France director, Pascal Le Digol. The French company mentions that one of the companies with which it collaborates had been hit hard with 50 jobs. His computer system was paralyzed in just six minutes.
The hacking of mailboxes was uncovered after the one that affected the European Banking Authority, a hack that was facilitated by the "ProxyLogon" security vulnerabilities in Exchange.
In early March 2021, Microsoft issued a warning about the actions of a group of hackers called "Hafnium". This group took advantage of several zero-day security vulnerabilities to infiltrate the mailboxes of companies and strategic U.S. government organizations.
"Two of them are critical and allow you to launch remote server commands without authentication, take full control of them and access all emails," explains Grégory Cardiet, technical director at Vectra Networks (a company specializing in real-time computer attack detection).
In this way, hackers find themselves in a position to collect enough content from servers that companies have installed.
"The problem is systemic because almost everyone uses Microsoft Exchange and the flaws have affected all software versions since 2010," says Vincent Hinderer, a cyber threat expert at Orange Cyberdefense.
According to the American company, the Chinese government is behind all these cybercrime actions. Attackers have thus taken advantage of the security flaw to rush in and carry out this wave of cyber malice. In March, there was a 10-fold increase in attempts, according to specialists at US cybersecurity firm Check Point. This situation has been confirmed by Microsoft.
One of the problems with this situation is that the vulnerabilities in question can be exploited by small-time hackers.
"The most interesting flaw and its code, like the method to exploit it, were shared on Reddit and then copied and shared everywhere, and the list of vulnerable servers is easily accessible in internet databases," says Cardiet. "All hackers, from the most lame, know how to create an automatic script that will probe the presence of vulnerabilities in servers, it's a flaw that hurts very much," adds Pascal Le Digol of WatchGuard Technologies.
When the security flaw was discovered, there was talk of 400,000 servers listed around the world. Today, with the security patch deployed by Microsoft, the estimate is that "15,000 servers were vulnerable," says Guillaume Poupard, head of the national information systems security agency.
"There has been an unprecedented general mobilization to deal with the issue and a large part of the park has fortunately been protected, it was not the dreaded "Pearl Harbor"," tries to reassure Vincent Hinderer of Orange Cyberdefense.