Microsoftโs Exchange Server hack will continue to be the headline in cyberspace for quite a time. This is because half of the companies using Microsoftโs Exchange servers can yet apply the patch for critical vulnerabilities reported. According to F-Secure, vulnerable servers are being exploited by hackers rapidly every day.
Microsoft Exchange Server Hack
Microsoft reported four critical vulnerabilities in its Exchange Server systems, which adversaries could exploit for various other cyberattacks. Weโve heard reports that many have fallen victims already, from private institutions to government agencies and service organizations even after the patch was made available.
Though the maker has released patches for securing these vulnerabilities, about half of the Exchange Server found online are yet to apply them, according to F-Secure, a cybersecurity firm. The rate at which theyโre exploiting the flawed severs is rapid, with F-Secure saying, โTheyโre being hacked faster than we can count.โ
Antti Laatikainen, the senior security consultant at F-Secure, said, โTens of thousands of servers have been hacked around the world. Theyโre being hacked faster than we can count. Globally, this is a disaster in the making.โ Itโs surely is, as hackers breaching the servers can steal the sensitive data and make backdoors for later use.
This is to install ransomware malware and encrypt the systems all at once, thus stopping this business. While itโs warned that the longer the businesses take to patch, the riskier businesses that have applied the update (patch) may not be safe. Researchers say that thereโs no guarantee that businesses havenโt fallen victim to this incident even after patching.
This is because hackers may have already set in a back door even before they applied the patch and were undetectable. Thus, itโs suggested that businesses, even after applying the patch, should scan their networks for suspicious actionsย and block the connections over port 443. Also, the server should be configured to be accessed remotely via a VPN.