Hacks on Exchange servers keep flooding in

Get a free Techzine subscription!

Thousands of reports of attacks on Exchange vulnerabilities are still coming in every day. Researchers say that the servers are being hacked faster than they can count.

The researchers from cybersecurity firm F-Secure are urgently warning users with Exchange servers to install the patches. “Tens of thousands of servers have been hacked around the world. They are being hacked faster than we can count. Globally, this is a disaster in the making,” said Antti Laatikainen, senior security consultant at F-Secure in a blog post.

Only half the servers have been patched

According to F-Secure researchers, only about half of all servers that are visible from the internet have been patched. The problem is not immediately solved by installing the patches either, emphasises Laatikainen. “Never in the past 20 years that I’ve been in the industry, has it been as justified to assume that there has been at least a digital knock at the door for every business in the world with Exchange installed. Because access is so easy, you can assume that majority of these environments have been breached.”

Nevertheless, Laatikainen thinks the extent of the damage can still be limited. “The GDPR data protection regulation demands that theft of personal data must be reported to the data protection authorities within 72 hours. You have to expect that the number of GDPR breach reports coming in the next few weeks will be historic. Your company doesn’t have to be on the long list of organizations reporting breaches tomorrow if you take the right steps today.”

Closing the vulnerabilities is not difficult

And these are not difficult steps to take. Microsoft is doing everything possible to make it as easy as possible to close the vulnerabilities in Exchange Server. Basically it’s just a matter of installing the latest updates on the vulnerable system and the software running on it.

If this is not possible for any reason, Microsoft also offers a tool that closes the most important vulnerability with one click and scans the system for possible intrusions. If the administrator cannot manage this either, Microsoft Defender has also been given a large part of the tool’s functionality. This solves the problem automatically, provided that Defender is activated and can update itself.

Tip: Microsoft Exchange Server hacked, what are the consequences?