Microsoft Exchange security breach: more than 400 Belgian IT systems infiltrated
On Sunday, he had already warned of a possible “tsunami of cyberattacks” which could occur in the weeks to come. Microsoft announced in early March that it had identified a security flaw in Exchange that would allow cybercriminals to gain access to the entire network of a company or organization. Updates correct the problem, but users must install them themselves.
“From the lists of vulnerable servers, we were able to detect more than 400 systems where some form of intrusion has occurred. This means that malicious parties have entered these systems and are now waiting to take action,” says the Center for Cybersecurity Belgium, which fears that organizations and companies will fall victim to ransomware or that data will be stolen in the days and weeks to come.
Many vulnerable servers have been updated, but more than 1,000 systems are still vulnerable, according to the center.
Concretely, cybercriminals install “web shells”, which give them remote access and control via an online server. “This allows them to keep a line of communication open, so to speak, in order to launch an attack at a later stage. In the listings we looked at, we found at least 400 servers with a web shell installed. In other cases, hackers may have installed other malware, in addition to the web shells in question, in order to mount an attack at a later date, such as ransomware,” the Center for Cyber Security said in a statement.
Companies that have carried out the updates must remain vigilant and continue to monitor their systems, since traces may have been left in the period between the intrusion and the updates.
Businesses and organizations that use Exchange Online with a hybrid setup or an on-premises Exchange server for administrative applications should immediately update systems, remove web shells, verify what happened, and detect any suspicious activity, the Center for Cybersecurity Belgium again recommends.