
‘Thousands’ Of UK Firms Hit By Microsoft Exchange Hacks

Thousands of UK email servers are likely to still be vulnerable to unpatched security flaws affecting Microsoft Exchange, authorities have said.

The National Cyber Security Centre (NCSC) estimated some 7,000 email servers in the country were affected by the Exchange bugs, with only half having applied patches.

The agency said it had contacted some 2,300 UK businesses to warn them that their systems had been hacked as part of a free-for-all making use of the vulnerabilities.

The NCSC said it had found evidence of web shells, which can be used to access systems and steal information, on the businesses’ networks.

Ransomware

The presence of a web shell does not guarantee that a data breach has taken place, and once discovered the shells can be removed.

The NCSC issued new guidance on Friday telling businesses it is “vital” that they update Exchange and search for evidence of compromise.

The agency’s statement is the first evidence of the scale of the Exchange issue in the UK.

It said ransomware gangs have begun using the flaws to carry out attacks, but that as yet there is no evidence of widespread ransomware attacks using the issues in the UK.

The NCSC said it is particularly concerned about the security of small and medium-sized businesses that may not have heard about the urgent patches Microsoft issued earlier this month.

“We are working closely with industry and international partners to understand the scale and impact of UK exposure, but it is vital that all organisations take immediate steps to protect their networks,” said NCSC director for operations Paul Chichester.

European impact

“While this work is ongoing, the most important action is to install the latest Microsoft updates.”

Chichester said organisations should search for indicators of compromise on their own networks and familiarise themselves with the guidance around ransomware attacks.

Microsoft said the Exchange flaws were initially exploited for several months by a Chinese state-backed hacking group.

But once the bugs were discovered and made public, a number of other state-backed groups, as well as criminal gangs, rushed to identify vulnerable servers.

Security researchers have estimated as many as 250,000 servers around the world could be vulnerable.

In Europe, the Norwegian parliament and the European Banking Authority both said they had been breached, although the EBA said there was no evidence that information had been stolen.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
