Cyber attacks admitted by Microsoft
Ransom-seeking hackers have begun taking advantage of a recently disclosed flaw in Microsoft’s widely used mail server software, Microsoft admitted – a serious escalation that could portend widespread digital disruption.
The disclosure, initially made on Twitter by Microsoft Corp security program manager Phillip Misner and later confirmed by the Redmond, Washington-based company, is the realization of worries that have been coursing through the security community for days.
Since March 2, when Microsoft announced the discovery of serious vulnerabilities in its Exchange software, experts have warned that it was only a matter of time before ransomware gangs began using them to shake down organizations across the internet.
The Parliament of Norway also a target
On Wednesday the Norwegian parliament announced that its IT systems had been targeted in a cyber attack. The parliament’s president, Tone Wilhelmsen Trøen, told state broadcaster NRK that the attack had been “bigger and more advanced” than the one seen in the autumn, when parliament suffered a large-scale hack blamed on a Russia-based group.
“The threat picture is changing rapidly and is increasingly demanding. Such an attack also shows that our democratic processes can be affected,” she said, adding that it was particularly serious that the attack had taken place ahead of this year’s general election.
Even though the security holes announced by Microsoft have since been fixed, organizations worldwide have failed to patch their software, leaving them open to exploitation. Experts attribute the sluggish pace of many customers’ updates in part to the complexity of Exchange’s architecture and lack of expertise. In Germany alone, officials have said that up to 60,000 networks remained vulnerable.
Small and medium firms are an easier target
All manner of hackers have begun taking advantage of the holes – one security firm recently counted 10 separate hacking groups using the flaws – but ransomware operators are among the most feared, as they lock users out of their devices and data until they are paid, most often in cryptocurrencies.
After the discovery, they probably gained access to a large number of vulnerable systems, most of them in small or medium companies that do not have the bandwidth or agility to keep their software updated at all times – and those are seriously at risk.