The European Banking Authority (EBA) has had its email servers compromised in what is believed to be a “global Microsoft Exchange cyber-attack.” The EU organization revealed that personal information may have been retrieved from its servers. As a safety measure, it has since pulled its entire email system offline while it investigates the damage. Part of its investigation is to determine what data was obtained.
Major businesses and governments rely on Microsoft Exchange servers for email.
What Exactly Happened?
According to Microsoft, there was a “vulnerability” found in Microsoft’s Exchange email system. It is also believed that stolen passwords were used to access the system.
With this stolen data, attackers can control the email server remotely, which gives them easy access to steal data directly off the network.
White House Press Secretary Jen Psaki said,
“Everyone running these servers - government, private sector, academia - needs to act now to patch them.”
Microsoft claims that Hafnium, a Chinese state-sponsored attacker, is to blame. China rejects this assertion.
The US National Security Council urges any compromised companies to take “further steps” and has “encouraged” all organizations to determine if they have been affected.
Is This Just Another Cyber Attack?
For those unfamiliar with the intricacies of cyber attacks and other online crime, this may appear to be just another instance of stolen information. However, it is considered “extremely serious” for a variety of reasons.
Although this cyber attack is being blamed on Hafnium, there is no clear reason or motive. Some small government agencies have been impacted, and those targeted ranged from large banks to smaller businesses.
Hackers seem to be adopting the “new techniques” created by Hafnium at a rapidly increasing rate. Reported attacks are growing exponentially, and it is believed that “cyber-criminal gangs” could be taking advantage of the weak link as well.
Who Has Been Targeted?
Preliminary estimates revealed that 30,000 US organizations may have been attacked. However, according to Bloomberg, the attack claimed at least 60,000 victims.
Microsoft’s security officials stated that Hafnium “primarily targets entities in the United States”. It also steals information from organizations including “infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks and NGOs [non-governmental organizations]”.
However, Huntress, a cyber-security group, reported that it had witnessed at least 300 of its partners’ servers compromised.
Apparently, these attacks don’t fit the typical victim profile.
Microsoft added,
“These companies do not perfectly align with Microsoft’s guidance, as some personas are small hotels, an ice-cream company, a kitchen-appliance manufacturer, multiple senior-citizen communities and other ‘less than sexy’ mid-market businesses.”
It was also discovered that healthcare, banks, and electricity companies were targeted.
As the situation evolved, Microsoft updated its information and revealed that, by gaining access to onsite Exchange servers, the attackers were able to access email accounts and install malware in order to enable “long-term access to victim environments.”
The last update provided by the EBA revealed that the “EBA email infrastructure has been secured”. Further analysis indicated that no “data extraction” had taken place and that the evidence showed that the breach did not extend further than its email servers.
A Continued Monitoring Of The Situation
Having re-secured its email system, the EBA maintains a state of “heightened security alert” and will continue to monitor the situation.