32 Indian Organisations Attacked by Hackers via Microsoft Exchange Server


A new study published last Monday, 8th March, cautioned that financial and banking institutions in India have been the most preferred target of cybercriminals. At least 32 Indian firms were attacked by hackers who exploited vulnerabilities in unpatched Microsoft business email servers.
According to Check Point Research, finance and banking organizations (28 percent) are followed by government/military (16 percent), manufacturing (12.5 percent), and insurance/legal (9.5 percent) in the list of attacked institutions. Overall, in the past few years, hacking operations have multiplied over six times (or tripled) at companies running unpatched on-site servers.

The most attacked country, without a doubt, was the US (21 percent of all exploit attempts), followed by the Netherlands (12 percent) and Turkey (12 percent), along with India. The most targeted industry sector was government/military (27% of all operations), followed by production (22%) and software vendors (9%), researchers pointed out.

"A full race has started among hackers and security professionals. Global experts are using massive preventative efforts to combat hackers who are working day-in and day-out to produce an exploit that can successfully leverage the remote code execution vulnerabilities in Microsoft Exchange," said the researchers from the cybersecurity firm.

Amid reports that some five separate hacker organizations are targeting Microsoft's business email servers, the tech giant has also found a new family of ransomware. Identified as "DearCry," the latest ransomware is "used after an initial compromise of unpatched on-premises Exchange servers," stated Microsoft last week in a tweet. The vulnerabilities are the same as those that Microsoft connects with a recent hacking group named Hafnium, which is funded by China.

Microsoft released a patch for its Exchange Server service, the world's most common email server, on 3rd March. The Exchange server handles both incoming and outgoing emails, calendar invites, and nearly everything available within Outlook.

In January, two vulnerabilities were identified by Orange Tsai of DEVCORE, a security company based in Taiwan. Microsoft was unaware of the full magnitude of these findings and was asked to examine its Exchange server more closely. Five more important vulnerabilities were identified in the research. These vulnerabilities enable an attacker to read messages from an Exchange server without authenticating or accessing an email account. Chaining additional vulnerabilities lets attackers take over the mail servers entirely.

"If your organization's Microsoft Exchange server is exposed to the internet, and if it has not been updated with the latest patches, nor protected by a third-party software, then you should assume the server is completely compromised," warned Lotem Finkelsteen, Manager of Threat Intelligence, Check Point Software.