A recently disclosed flaw in Microsoft’s widely used mail server software is being targeted by hackers who seek ransom, claimed a researcher and added that there can be widespread digital disruption if there is a serious escalation of the hacking attempts.
Microsoft Corp security program manager Phillip Misner made this disclosure on Twitter which underscores the concerns that have been gushing through the security community for days.
The discovery of serious vulnerabilities in its Exchange software was announced by Microsoft on March 2 and since then warnings have been issued by experts that ransomware gangs would soon start to exploit the flaw and target organization across the internet.
There were no further comments on the issue by Misner as well as from Microsoft. There were also no comments available from the United States Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation.
Even though the company has fixed the security holes that it had announced, companies and other organizations using the software have not been able to patch their software which have left them vulnerable to exploitation. up to 60,000 networks were still vulnerable in Germany alone, officials have said.
Even though the fixes are free, the complexity of Exchange’s architecture has been blamed in part by experts for the sluggish pace of many customers’ updates.
The flaw is being attempted to be exploited by all types of hackers and in a recent revelation, 10 separate hacking groups using the flaws was identified one security firm recently. But the most feared are the ransomware hackers.
The modus operandi of the ransomware hacking groups lock users out from accessing their devices and data and demand big chunks of digital currency for giving back access to the devices. The ransomware hacking groups now potentially have access “into a huge number of vulnerable systems,” said Brett Callow of Canadian cybersecurity company Emsisoft.
The latest variant of ransomware could particularly impact those companies that are more modest as many of them lack the ability or awareness to update their software, he said.
“This is a potentially serious risk to small businesses,” he said.
(Adapted from ChannelNewsAsia.com)