
‘Thousands’ Of UK Firms Hit By Microsoft Exchange Hacks

Thousands of UK email servers are likely to still be vulnerable to unpatched security flaws affecting Microsoft Exchange, authorities have said.

The National Cyber Security Centre (NCSC) estimated some 7,000 email servers in the country were affected by the Exchange bugs, with only half having applied patches.

The agency said it had contacted some 2,300 UK businesses to warn them that their systems had been hacked as part of a free-for-all making use of the vulnerabilities.

The NCSC said it had found evidence of web shells, which can be used to access systems and steal information, on the businesses’ networks.

Ransomware

The presence of a web shell does not guarantee that a data breach has taken place, and once discovered the shells can be removed.

The NCSC issued new guidance on Friday telling businesses it is “vital” that they update Exchange and search for evidence of compromise.

The agency’s statement is the first evidence of the scale of the Exchange issue in the UK.

It said ransomware gangs have begun using the flaws to carry out attacks, but that as yet there is no evidence of widespread ransomware attacks using the issues in the UK.

The NCSC said it is particularly concerned about the security of small and medium-sized businesses that may not have heard about the urgent patches Microsoft issued earlier this month.

“We are working closely with industry and international partners to understand the scale and impact of UK exposure, but it is vital that all organisations take immediate steps to protect their networks,” said NCSC director for operations Paul Chichester.

European impact

“While this work is ongoing, the most important action is to install the latest Microsoft updates.”

Chichester said organisations should search for indicators of compromise on their own networks and familiarise themselves with the guidance around ransomware attacks.

Microsoft said the Exchange flaws were initially exploited for several months by a Chinese state-backed hacking group.

But once the bugs were discovered and made public, a number of other state-backed groups, as well as criminal gangs, rushed to identify vulnerable servers.

Security researchers have estimated as many as 250,000 servers around the world could be vulnerable.

In Europe, the Norwegian parliament and the European Banking Authority both said they had been breached, although the EBA said there was no evidence that information had been stolen.

Matthew Broersma

Matt Broersma is a long-standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications.
