Microsoft Exchange Server Hack: Unprecedented wave of attacks on unpatched servers


Microsoft closed four vulnerabilities in Microsoft Exchange Server versions 2010 to 2019 with an unscheduled security update on March 3, 2021. Initially, Microsoft presented the threat as relatively minor. Since then, an unprecedented wave of attacks on unpatched Exchange instances has been under way.

The Federal Office for Information Security (BSI) has declared a red alert.

“The BSI does not declare a ‘red’ alert lightly; in this case it was unfortunately appropriate: the vulnerabilities in Microsoft Exchange Server are being actively exploited and there is a great need for action. The vulnerabilities are not only immensely widespread, they are also relatively easy to exploit. Ransomware, the collection of information or the misuse of data: the door is currently wide open to all of this, because thousands of servers are still unpatched,” warns Patrycja Schrenk, Managing Director of the PSW GROUP.

She calls for swift action: “Companies, authorities and institutions now not only have to patch, but also look for signs of a break-in. The Hafnium group presumably responsible for the hack has equipped accessible Exchange servers with a backdoor. It is important to track these down and render them harmless. In addition, the question arises to what extent the Exchange vulnerability represents a reportable data protection breach,” says Patrycja Schrenk.

Tens of thousands of companies affected

With Exchange Server, Microsoft offers a service with which e-mail communication in networks can be controlled and electronic communication can be checked for harmful files such as viruses. All incoming and outgoing e-mails end up on the corresponding Exchange server; from there they are distributed to the recipients. Although there are alternatives, numerous state and private-sector institutions around the world rely on Microsoft Exchange servers. Tens of thousands of companies, authorities, even banks and research institutions are therefore affected by the security gap: their e-mails can be read, and in the worst case their computers can even be controlled remotely. According to the Wall Street Journal, there could be more than 250,000 victims worldwide. Estimates of the number of affected companies in Germany range between 60,000 and several hundred thousand. Users of Microsoft’s own cloud solutions are not affected.

“In Germany in particular, self-hosting solutions are used in order to retain data sovereignty, comply with the requirements of the GDPR and thus increase security overall. In this current security incident, the blame must therefore not be placed either on the cloud-weary German companies or on the presumably responsible Hafnium group,” says Patrycja Schrenk, who sees the responsibility with Microsoft: “After the vulnerability became known at the beginning of January, Microsoft did not make much of an effort to design the updates in such a way that they could be installed promptly. Microsoft took far too long to publicize the vulnerability and provide patches. There was also a problem with patching: not everyone managed to actually close the vulnerability. In many cases the patches could not be installed because this was not possible with older CUs. Microsoft only made patches available for outdated CU versions on March 9th,” says the IT security expert.

Summary: what happened anyway?

The security company Volexity observed attacks on January 6, 2021 via a previously unpublished Exchange vulnerability. In the course of the following weeks there were individual attacks on selected Exchange servers. Microsoft planned to release a security patch on March 9th. However, on February 26th, the Chinese Hafnium hacker group started mass scans: Exchange servers that were vulnerable were automatically infected with a webshell. On March 2nd, Microsoft published security updates, and only a few hours after the publication of these unscheduled updates and the four now-known vulnerabilities, the unprecedented infection of all unpatched Exchange servers accessible via the Internet began. As a result, administrators had little opportunity to react.


Call of Duty: Warzone has a new type of cheat that forces the end of the game

Call of Duty: Warzone, the free battle royale from the famous Activision war saga, has a serious problem with cheating. Since its launch, it has been battling players who use modified software to obtain an unfair advantage over the rest of the opponents; despite waves of massive bans (the last one affected more than 60,000 accounts), the hackers manage to discover new ways to cheat the game. The latest is to make the game suddenly end for all participants.

More than one player has already experienced this situation: playing Call of Duty: Warzone normally when, suddenly, the game ends while most of the players are still alive. In the Twitch video inserted below these lines you can see how it happens to the streamer Can while playing battle royale:

Cheat or bug?

In another video shared on Twitter, which you can also see below, another user shows what appears to be the same bug: playing a match and having the game end right away. If you look closely, both players get the same final victory screen, as if they were the last ones standing, even though there are clearly more opponents still playing.

At the moment the community is betting that it is a new type of cheat that Call of Duty: Warzone hackers have invented to disrupt the game or to obtain some kind of benefit for themselves; in both videos the game ends just when the protagonists kill someone from a team of players with strange names, typical of cheaters. It is not yet known whether this is the cause, but everything indicates that it is. The other option is that it is a fault, a bug that could be fixed by the developers, which would be a relief for the battle royale community.

Call of Duty: Warzone is available for free on PS5, Xbox Series X / S, PS4, Xbox One, and PC.


QUICK SKIN TOMATOES – no mess or watery toms with this hack. #fyp #fypg #jfhx #foodhacks #foodhack #fun #kitchen #hack #tomatoes #vegan #vegetarian


KIA hacked: attackers demand US $20 M to not release millions of records

A group of hackers attacked Kia Motors America and subjected the automaker to ransomware that allegedly shut down vital services such as its UVO Link apps, payment system, and sites used by dealers, as reported by Bleeping Computer.

The hackers reportedly asked for 404.5833 bitcoins to decrypt the data which, at current values, equates to $20,899,559.53. If Kia does not pay fast enough, the ransom increases to 600 bitcoins ($30,994,200). Bleeping Computer also obtained the ransom note that the hackers sent to Kia. The letter says that if Kia does not attempt to contact the attackers within three days, some of the data obtained will be made public. The demands do not say specifically what kind of data this hack stole.

The ransom note contains a link to a private payment page on the DoppelPaymer Tor site which, once again, indicates that the target is “Hyundai Motor America”. The Tor page says that a “large amount” of data was stolen, or exfiltrated, from Kia Motors America and that it will be published in 2-3 weeks if the company does not negotiate with the threat actors. DoppelPaymer is known for stealing unencrypted files before encrypting devices and then posting parts of them on its data breach site to further pressure victims into paying.

For its part, Kia denied that it was subject to ransomware. “We are aware of online speculation that Kia is subject to a ‘ransomware’ attack. At this time, we can confirm that we have no evidence that Kia or any Kia data is subject to a ‘ransomware’ attack,” the statement says.