Ransom-seeking hackers have begun taking advantage of a recently disclosed flaw in Microsoft’s widely used mail server software, the company said early on Thursday -- a serious escalation that could portend widespread digital disruption.
The disclosure, initially made on Twitter by Microsoft Corp security program manager Phillip Misner and later confirmed by the Redmond, Washington-based company, is the realization of worries that have been coursing through the security community for days.
For all the latest headlines follow our Google News channel online or via the app.
Since March 2, when Microsoft announced the discovery of serious vulnerabilities in its Exchange software, experts have warned that it was only a matter of time before ransomware gangs began using them to shake down organizations across the internet.
Misner didn’t immediately respond to follow-up messages and Microsoft did not return emails seeking further comment. The US Cybersecurity and Infrastructure Security Agency and the FBI also didn’t immediately respond.
Even though the security holes announced by Microsoft have since been fixed, organizations worldwide have failed to patch their software, leaving them open to exploitation. Experts attribute the sluggish pace of many customers’ updates in part to the complexity of Exchange’s architecture and lack of expertise. In Germany alone, officials have said that up to 60,000 networks remained vulnerable.
All manner of hackers have begun taking advantage of the holes -- one security firm recently counted 10 separate hacking groups using the flaws -- but ransomware operators are among the most feared.
Those groups work by locking users out of their devices and data unless the victims cough up big chunks of digital currency. They now potentially have access “into a huge number of vulnerable systems,” said Brett Callow of cybersecurity company Emsisoft.
He said more modest companies -- many of which lack the ability or awareness to update their software -- could be particularly affected by the latest variant of ransomware.
“This is a potentially serious risk to small businesses,” he said.
US President-elect Biden’s options for Russian hacking: sanctions, cyber retaliationPresident-elect Joe Biden’s team will consider several options to punish Russia for its suspected role in the unprecedented hacking of US government ... World News
Russians likely behind Norway’s parliament hacking: Norwegian agencyNorway’s domestic security agency said Tuesday that Russian hackers linked to Russia’s military intelligence service GRU are “likely” behind a ... World News
US officials demand answers to Twitter hacking; company has no security chiefTwitter had stepped up its search for a chief information security officer in recent weeks, two people familiar with the effort told Reuters, before ... Technology
US charges three Iranians over satellite tech firm hackingThe US Department of Justice on Thursday announced charges against three Iranians over allegations they stole information from aerospace and satellite ... World News
US charges five Chinese citizens in hacking campaign that targeted over 100 companiesThe Justice Department has charged five Chinese citizens with hacks targeting more than 100 companies and institutions in the United States and abroad ... World News
UK, US, Canada accuse Russia of hacking coronavirus vaccine trialsBritain, the United States, and Canada accused Russia on Thursday of trying to steal information from researchers seeking a COVID-19 vaccine.The three ... Coronavirus