A total of 32 Indian organizations were attacked by hackers, who exploited vulnerabilities in Microsoft Exchange servers according to a report from Check Point Investigation. The report says that the financial / banking sector was the most affected industry with 28 percent, followed by government / military (16 percent), manufacturing (12.5 percent), insurance / legal (9.5 percent), while other sectors accounted for 34 percent.
The report shared on March 15 reveals that hacking attempts at organizations have increased tenfold, from 700 to more than 7,200 between March 11-15.
The most attacked country is the United States with 17 percent. It is also the only country with a double digit percentage in these attacks. The United States is followed by Germany (6 percent), the United Kingdom (5 percent), the Netherlands (5 percent) and Russia (4 percent), while other countries in the world account for 63 percent.
The most attacked industry in the world is government / military with 23%. According to the research, despite the Covid-19 pandemic affecting individuals and organizations around the world, healthcare accounts for six percent of attacks on the list of hardest hit industries.
On March 3, Microsoft released an emergency patch to counter hacking groups and tighten the security of its mail server through which virtually anything within Outlook can be accessed, including all incoming and outgoing emails, calendar invitations.
Earlier this year in January, a Taiwanese security company, DEVCORE reported two vulnerabilities. After further investigation, Microsoft discovered five more critical vulnerabilities (four zero-day). However, by then, the attacker had access to a person’s emails or email account without any authentication.
A greater chain of vulnerabilities also allowed the mail to be taken over completely. Once this is done, the hacker has the ability to open the network to the Internet and access it remotely. This made him a great threat to millions of organizations around the world.
“If your organization’s Microsoft Exchange server is exposed to the Internet, and if it has not been updated with the latest patches, nor is it protected by third-party software, then you should assume that the server is completely compromised,” Lotem Finkelsteen, Manager of Threat Intelligence at Check Point Software, it noted in the report.
To execute this attack, the hackers used the Sunburst platform as a gateway to enter and stay within the network for a long time. Since the attack, the purpose of the attack is still unknown. Check Point recommends that organizations not only “take preventive measures on their exchange, but scan their network for active threats and assess all assets.”