Hacked: Exchange Servers Worldwide Vulnerable
Exchange Servers Worldwide Hacked
Think your systems are safe? Read this:
Multiple nation-state groups hacking Exchange servers around the world.
Multiple government-backed hacking groups are exploiting a recently-patched vulnerability in Microsoft Exchange email servers.
The exploitation attempts were first spotted by UK cyber-security firm Volexity on Friday and confirmed today to ZDNet by a source in the DOD.
Volexity did not share the names of the hacking groups exploiting this Exchange vulnerability. Volexity did not return a request for comment for additional details.
The DOD source described the hacking groups as “all the big players,” also declining to name groups or countries.
THE MICROSOFT EXCHANGE VULNERABILITY
These state-sponsored hacking groups are exploiting a vulnerability in Microsoft Exchange email servers that Microsoft patched last month, in the February 2020 Patch Tuesday.
The vulnerability is tracked as CVE-2020-0688. Below is a summary of the vulnerability’s technical details:
During installation, Microsoft Exchange servers fail to create a unique cryptographic key for the Exchange control panel.
This means that all Microsoft Exchange email servers released during the past 10+ years use identical cryptographic keys (validationKey and decryptionKey) for their control panel’s backend.
Attackers can send malformed requests to the Exchange control panel containing malicious serialized data.
Since attackers know the control panel’s encryption keys, they can ensure the server accepts and deserializes the data, which results in malicious code running on the Exchange server’s backend.
The malicious code runs with SYSTEM privileges, giving attackers full control of the server.
Microsoft released patches for this bug on February 11, when it also warned sysadmins to install the fixes as soon as possible, anticipating future attacks.
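The identical-key condition summarized above can be checked for across a set of servers. The following is an added example, not code from the original article or from Microsoft: it parses web.config files, flags literal `machineKey` values, and groups hosts that share the same key pair. The host names and key strings are constructed placeholders, and the `machineKey` element with its `AutoGenerate` setting is standard ASP.NET configuration.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

def _cfg(vkey, dkey):
    # Build a minimal web.config carrying an ASP.NET <machineKey> element.
    return ('<configuration><system.web><machineKey validationKey="%s" '
            'decryptionKey="%s" validation="SHA1" decryption="Auto"/>'
            '</system.web></configuration>' % (vkey, dkey))

# Constructed sample data: hypothetical hosts and placeholder key strings.
SAMPLE_CONFIGS = {
    "mail01": _cfg("PLACEHOLDER_SHIPPED_VKEY", "PLACEHOLDER_SHIPPED_DKEY"),
    "mail02": _cfg("PLACEHOLDER_SHIPPED_VKEY", "PLACEHOLDER_SHIPPED_DKEY"),
    "mail03": _cfg("AutoGenerate,IsolateApps", "AutoGenerate,IsolateApps"),
    "web07": _cfg("PLACEHOLDER_UNIQUE_VKEY", "PLACEHOLDER_UNIQUE_DKEY"),
}

def machine_keys(xml_text):
    """Return (validationKey, decryptionKey), or None if no <machineKey>."""
    node = ET.fromstring(xml_text).find(".//machineKey")
    if node is None:
        return None  # nothing set here; the parent or default config applies
    # A missing attribute means the auto-generated default.
    return (node.get("validationKey", "AutoGenerate"),
            node.get("decryptionKey", "AutoGenerate"))

def is_static(value):
    """True when the key is a literal value instead of AutoGenerate."""
    return not value.strip().lower().startswith("autogenerate")

def fingerprint(keys):
    """Short SHA-256 tag so reports never contain the key material itself."""
    return hashlib.sha256("|".join(keys).encode()).hexdigest()[:16]

def audit(configs):
    """Return (hosts with literal keys, groups of hosts sharing one key pair)."""
    by_fp = defaultdict(list)
    for host, text in sorted(configs.items()):
        keys = machine_keys(text)
        if keys and any(is_static(k) for k in keys):
            by_fp[fingerprint(keys)].append(host)
    explicit = sorted(h for hosts in by_fp.values() for h in hosts)
    shared = sorted(hosts for hosts in by_fp.values() if len(hosts) > 1)
    return explicit, shared

if __name__ == "__main__":
    explicit, shared = audit(SAMPLE_CONFIGS)
    print("literal machineKey values:", explicit)
    print("same keys on several hosts:", shared)
```

A literal key that is unique to one deployment (as on the hypothetical `web07`) is a normal web-farm setup; the finding that matters is the same key pair appearing on machines that were installed independently.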
So what does this mean for your company? Chances are your systems admin doesn’t know either, but may be telling you that he has it covered.
Once they are in, they OWN your Exchange Server!
This means they can set it up any way they choose. They can secretly be using your servers for various activities such as spamming, malware distribution and even storage and distribution of child pornography.
Even though you may not be aware of what is happening, how embarrassing would it be if the FBI showed up at your front door with a warrant to seize your digital assets to investigate such a thing? What would it do to your reputation? You know the news would report on the initial raid and paint your business as the culprit. Even if you were not found to be involved, the damage to your reputation would have been done.
Can you afford to wait? Contact us NOW!