• Cryptocurrency
  • Earnings
  • Enterprise
  • About TechBooky
  • Submit Article
  • Advertise Here
  • Contact Us
TechBooky
  • African
  • AI
  • Metaverse
  • Gadgets
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
  • African
  • AI
  • Metaverse
  • Gadgets
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
TechBooky
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Home Security

Vulnerability In Microsoft’s Email Software With Devastating Results

Contributor by Contributor
April 26, 2021
in Security
Share on FacebookShare on Twitter

On Mar. 5, 2021, KrebsOnSecurity broke the news that at least 30,000 organizations and hundreds of thousands globally had been hacked. The same sources who shared those figures say the victim list has grown considerably since then, with many victims compromised by multiple cybercrime groups.

What Happened?

Hackers found four separate security holes in Exchange Server that they used to siphon email communications from Internet-facing systems running Exchange. According to Microsoft officials, hackers have been using all four flaws as part of a complex attack committed by a Chinese cyber espionage group. The group has used the security vulnerabilities to plunder emails.

Hackers found four separate security holes in Exchange Server that they used to siphon email communications from Internet-facing systems running Exchange. #Exchange #Microsoft Share on X

The hackers were able to use vulnerable Exchange Servers that were directly exposed to the internet through the security flaws. This allows hackers to read an organization’s email and export information to a file-sharing site. Hackers may then use this information to commit phishing or ransomware attacks. They may also use software backdoors to steal more data or perform malicious actions that further compromise the organization’s data.

The Chinese espionage group has been known to target entities in the United States, including:

  • Higher education institutions
  • Defense contractors
  • Law firms
  • Infectious disease researchers
  • Non-governmental organizations

How Microsoft Responded to the Attack

On March 2, Microsoft released emergency security updates to plug the four security holes in Exchange Server versions 2013 through 2019 from Internet-facing systems running Exchange.

Dangers of Ransomware Attacks Following the Data Breach

Ransomware is malicious software that typically infects a computer and encrypts all of the data on it so that the owner cannot access their system. There may be a message that says that the owner must immediately pay a large sum of money in order to regain access to their system. The global cost of ransomware is projected to reach $20 billion by 2021. Every 40 seconds, a business falls victim to one of these attacks.

These attacks commonly follow a data breach like the one experienced at Microsoft. In addition to stealing information from email communications, hackers may also install malicious software into the vulnerable systems. They may then demand payment before they will allow the owner to access their own system. Oftentimes, even if the victim pays, the criminal will still withhold the system or demand more money.

These attacks commonly follow a data breach like the one experienced at Microsoft. In addition to stealing information from email communications, hackers may also install malicious software into the vulnerable systems. #Exchange #Email Share on X

Ways to Protect Yourself from Ransomware Attacks

Fortunately, there are several ways that you can increase your organization’s security and prevent ransomware attacks from happening, including:

1.     Learn About the Most Recent Trends

Cyberattacks can change rapidly. However, hackers will often use similar processes as they gear up for an attack. For example, Emotet or Trickbot infections are often an early warning sign of an attack by Ryuk. If you spot any early warning signs, run a full compromise assessment to minimize or eliminate damage.

2.     Be Careful in the Cloud

While cloud services are becoming increasingly popular, this does not make them impenetrable.  Ensure that you have full visibility over cloud services in case attacks are targeting cloud servers.

3.     Update All Software

Software patches are often released once security vulnerabilities like those found in Microsoft’s systems are discovered. Set your systems to update automatically so that you always have the latest and most secure systems and software possible.

4.     Limit Access

Avoid giving access to sensitive business data to everyone in the organization. Segment the data so that your business is not so vulnerable.

5.     Perform Penetration Testing

Have your internet security professionals test out how secure your network is by conducting occasional penetration testing on it. Try to identify any vulnerabilities and correct them before hackers find and exploit them. Make sure that outsider users cannot remotely access your devices.

6.     Train Staff

Your staff is your first line of defense against cybersecurity attacks. Train them well on good cybersecurity practices, such as not opening links or attachments from unverified senders.

7.     Perform Regular Backups

Ransomware attacks are often successful against businesses that cannot easily recreate the data through a recent backup. Perform daily backups to thwart these attacks.

Conclusion

Microsoft’s attack is just the latest attack of its kind. It is now more important than ever to stay protected and to take all steps to defend your business. Follow the steps above to heighten your security, especially if you were one of the Microsoft attack’s victims.

 

 

BIO

David Lukić is an information privacy, security and compliance consultant at IDstrong.com. The passion to make cyber security accessible and interesting has led David to share all the knowledge he has.

Related Posts:

  • shutterstock_chatgpt
    Researchers Warn ChatGPT Crawler May Cause DDoS…
  • th
    2FA Alert: Gmail, Outlook, Facebook, and X Users at Risk
  • Nigeria Bureau of Statistics Data breach
    Hackers Compromised The NBS Sever, But No Ransomware Yet
  • router-595x335_0
    US And UK Warn Of Custom Malware Vulnerability On…
  • Microsoft Teams
    Microsoft Teams Vulnerability Exposes User Systems
  • GettyImages-472423454-scaled
    Data Of Over 40 Million UK Voters Exposed To Year-Long Hack
  • maxresdefault (1)
    How to Upgrade to Windows 11 for Free As Windows 10…
  • 020tYFWBL4Yz8jIIFUdKDR1-22
    A Fix to Microsoft Windows Defender And Security Flaws

Discover more from TechBooky

Subscribe to get the latest posts sent to your email.

Tags: cybersecurityemailExchange Serverhackerssecurity
Contributor

Contributor

Posts by contributors. You can send in a post to be reviewed and published to info@techbooky.com

BROWSE BY CATEGORIES

Select Category

    Receive top tech news directly in your inbox

    subscription from
    Loading

    Freshly Squeezed

    • AI Helps Google One Reach 150 Million Subscribers May 16, 2025
    • FT Lists Paymenow, TymeBank & Omnisient Among Africa’s Fastest-Growing Firms May 16, 2025
    • MoonPay and Mastercard Partner to Advance Stablecoin Payments May 16, 2025
    • Google Gemini Advanced Users Can Now Link to GitHub May 16, 2025
    • TikTok Accused of Violating EU Internet Content Rules May 15, 2025
    • Activists and Users Criticize NCC & Telcos Over Customer Penalties May 15, 2025

    Browse Archives

    May 2025
    MTWTFSS
     1234
    567891011
    12131415161718
    19202122232425
    262728293031 
    « Apr    

    Quick Links

    • About TechBooky
    • Advertise Here
    • Contact us
    • Submit Article
    • Privacy Policy

    Recent News

    AI Helps Google One Reach 150 Million Subscribers

    AI Helps Google One Reach 150 Million Subscribers

    May 16, 2025
    FT Lists Paymenow, TymeBank & Omnisient Among Africa’s Fastest-Growing Firms

    FT Lists Paymenow, TymeBank & Omnisient Among Africa’s Fastest-Growing Firms

    May 16, 2025
    MoonPay and Mastercard Partner to Advance Stablecoin Payments

    MoonPay and Mastercard Partner to Advance Stablecoin Payments

    May 16, 2025
    Google Gemini Advanced Users Can Now Link to GitHub

    Google Gemini Advanced Users Can Now Link to GitHub

    May 16, 2025
    TikTok Accused of Violating EU Internet Content Rules

    TikTok Accused of Violating EU Internet Content Rules

    May 15, 2025
    Activists and Users Criticize NCC & Telcos Over Customer Penalties

    Activists and Users Criticize NCC & Telcos Over Customer Penalties

    May 15, 2025
    • Login

    © 2021 Design By Tech Booky Elite

    Generic selectors
    Exact matches only
    Search in title
    Search in content
    Post Type Selectors
    • African
    • Artificial Intelligence
    • Gadgets
    • Metaverse
    • Tips
    • About TechBooky
    • Advertise Here
    • Submit Article
    • Contact us

    © 2021 Design By Tech Booky Elite

    Discover more from TechBooky

    Subscribe now to keep reading and get access to the full archive.

    Continue reading

    We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok