NCSC issues Exchange hack warning as Microsoft probes security partner leak

An estimated 7,000 UK servers have been affected by the vulnerabilities and only half have been secured

The National Cyber Security Centre (NCSC) has urged businesses to patch against recently disclosed vulnerabilities in Exchange as Microsoft investigates whether hackers exploiting the flaws had obtained information from its security partners.

Businesses should install the latest Microsoft Exchange updates “as a matter of urgency”, as well as search their systems for evidence of compromise, according to the latest advice from the NCSC. The government agency asked any affected UK organisations to disclose “any suspected compromises” via the NCSC cyber security incident reporting website.

The agency has confirmed that an estimated 7,000 UK servers had been affected by the vulnerabilities, of which around half have already been secured.

NCSC director for Operations Paul Chichester said that “organisations should also be alive to the threat of ransomware and familiarise themselves with [the NCSC’s] guidance”. 

Chichester said that the agency is “working closely with industry and international partners to understand the scale and impact of UK exposure, but it is vital that all organisations take immediate steps to protect their networks”.

“Whilst this work is ongoing, the most important action is to install the latest Microsoft updates,” he added.

The guidance came as Microsoft launched an investigation into whether an unnamed Microsoft security partner, which had access to sensitive information on the vulnerabilities behind the attacks, had leaked the intelligence to hacking groups – and whether it had done so by accident or on purpose.

Insider sources told the Wall Street Journal that the tech giant was in the process of reviewing the Microsoft Active Protections Program (Mapp), an information-sharing programme launched in 2008 with the aim of providing security companies a head start in detecting cyber security threats. 

A number of Mapp partners had knowledge of the vulnerabilities since 23 February, a week prior to the release of patches and the launch of the attacks, according to the sources. Out of the estimated 80 organisations involved in the programme globally, about 10 are based in China – where the state-sponsored Hafnium group is said to be operating from.

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

How to manage security risk and compliance - whitepaperDownload now

Hafnium has been accused of orchestrating the attacks immediately after they were first reported, with Microsoft’s corporate VP of Customer Security & Trust, Tom Burt, saying that “while Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States”.

“Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks and NGOs,” he said, adding that the group “engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software”.

However, since then it has been revealed that at least 10 other hacking groups were also involved in exploiting the Exchange Server vulnerabilities.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Nearly seven in ten CISOs expect a ransomware attack
ransomware

Nearly seven in ten CISOs expect a ransomware attack

19 Oct 2021
Acer Taiwan falls victim to cyber attack
hacking

Acer Taiwan falls victim to cyber attack

18 Oct 2021
Marsh McLennan reveals its cyber risk analytics center
risk management

Marsh McLennan reveals its cyber risk analytics center

15 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021