A total of 32 Indian organisations were hit by hackers who exploited vulnerabilities in Microsoft Exchange servers, according to a report by Check Point Research. The report says that finance/banking was the worst-affected sector at 28 per cent, followed by government/military (16 per cent), manufacturing (12.5 per cent) and insurance/legal (9.5 per cent), while other sectors accounted for 34 per cent.
The report, shared on March 15, reveals that hacking attempts on organisations increased tenfold, from 700 to over 7,200, between March 11 and March 15.
The most attacked country is the United States at 17 per cent. It is also the only country with a double-digit percentage in these attacks. The United States is followed by Germany (6 per cent), the United Kingdom (5 per cent), the Netherlands (5 per cent) and Russia (4 per cent), while other countries in the world account for 63 per cent.
The most targeted industry worldwide is government/military at 23 per cent. As per the research, despite the Covid-19 pandemic affecting people and organisations all around the world, healthcare accounts for six per cent of attacks in the list of most targeted industries.
On March 3, Microsoft released an emergency patch to counter the hacking groups and bolster the security of its mail server, through which virtually anything within Outlook can be accessed, including all incoming and outgoing emails and calendar invitations.
Earlier this year, in January, a Taiwanese security company, DEVCORE, reported two vulnerabilities. After further investigation, Microsoft uncovered five more critical vulnerabilities (four zero-day). However, by then, the attacker had access to emails or an individual’s email account without any authentication.
Further vulnerability chaining also enabled attackers to take over the mail server altogether. Once that is done, the hacker has the ability to open the network to the internet and access it remotely. This made it a major threat to millions of organisations around the world.
“If your organisation’s Microsoft Exchange server is exposed to the internet, and if it has not been updated with the latest patches, nor protected by a third party software, then you should assume the server is completely compromised,” Lotem Finkelsteen, Manager Threat Intelligence at Check Point Software, pointed out in the report.
In order to execute this attack, hackers used the Sunburst platform as a front door to enter and stay within the network for a long time. The purpose of the attack is still unknown. Check Point recommends that organisations not only “take preventive measures on their exchange but scan their network for live threats and assess all assets.”