Microsoft’s Exchange Server hack will continue to be the headline in cyberspace for quite a time. This is because half of the companies using Microsoft’s Exchange servers can yet apply the patch for critical vulnerabilities reported. According to F-Secure, vulnerable servers are being exploited by hackers rapidly every day.
Microsoft Exchange Server Hack
Microsoft reported four critical vulnerabilities in its Exchange Server systems, which adversaries could exploit for various other cyberattacks. We’ve heard reports that many have fallen victims already, from private institutions to government agencies and service organizations even after the patch was made available.
Though the maker has released patches for securing these vulnerabilities, about half of the Exchange Server found online are yet to apply them, according to F-Secure, a cybersecurity firm. The rate at which they’re exploiting the flawed severs is rapid, with F-Secure saying, “They’re being hacked faster than we can count.”
Antti Laatikainen, the senior security consultant at F-Secure, said, “Tens of thousands of servers have been hacked around the world. They’re being hacked faster than we can count. Globally, this is a disaster in the making.” It’s surely is, as hackers breaching the servers can steal the sensitive data and make backdoors for later use.
This is to install ransomware malware and encrypt the systems all at once, thus stopping this business. While it’s warned that the longer the businesses take to patch, the riskier businesses that have applied the update (patch) may not be safe. Researchers say that there’s no guarantee that businesses haven’t fallen victim to this incident even after patching.
This is because hackers may have already set in a back door even before they applied the patch and were undetectable. Thus, it’s suggested that businesses, even after applying the patch, should scan their networks for suspicious actions and block the connections over port 443. Also, the server should be configured to be accessed remotely via a VPN.