NCSC issues Exchange hack warning as Microsoft probes security partner leak

An estimated 7,000 UK servers have been affected by the vulnerabilities and only half have been secured

The National Cyber Security Centre (NCSC) has urged businesses to patch against recently disclosed vulnerabilities in Exchange as Microsoft investigates whether hackers exploiting the flaws had obtained information from its security partners.

Businesses should install the latest Microsoft Exchange updates “as a matter of urgency”, as well as search their systems for evidence of compromise, according to the latest advice from the NCSC. The government agency asked any affected UK organisations to disclose “any suspected compromises” via the NCSC cyber security incident reporting website.

The agency has confirmed that an estimated 7,000 UK servers had been affected by the vulnerabilities, of which around half have already been secured.

NCSC director for Operations Paul Chichester said that “organisations should also be alive to the threat of ransomware and familiarise themselves with [the NCSC’s] guidance”. 

Chichester said that the agency is “working closely with industry and international partners to understand the scale and impact of UK exposure, but it is vital that all organisations take immediate steps to protect their networks”.

“Whilst this work is ongoing, the most important action is to install the latest Microsoft updates,” he added.

The guidance came as Microsoft launched an investigation into whether an unnamed Microsoft security partner, which had access to sensitive information on the vulnerabilities behind the attacks, had leaked the intelligence to hacking groups – and whether it had done so by accident or on purpose.

Insider sources told the Wall Street Journal that the tech giant was in the process of reviewing the Microsoft Active Protections Program (Mapp), an information-sharing programme launched in 2008 with the aim of providing security companies a head start in detecting cyber security threats. 

A number of Mapp partners had knowledge of the vulnerabilities since 23 February, a week prior to the release of patches and the launch of the attacks, according to the sources. Out of the estimated 80 organisations involved in the programme globally, about 10 are based in China – where the state-sponsored Hafnium group is said to be operating from.

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

How to manage security risk and compliance - whitepaperDownload now

Hafnium has been accused of orchestrating the attacks immediately after they were first reported, with Microsoft’s corporate VP of Customer Security & Trust, Tom Burt, saying that “while Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States”.

“Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks and NGOs,” he said, adding that the group “engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software”.

However, since then it has been revealed that at least 10 other hacking groups were also involved in exploiting the Exchange Server vulnerabilities.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Security best practices for PostgreSQL

Securing data with PostgreSQL

Download now

Transform your MSP business into a money-making machine

Benefits and challenges of a recurring revenue model

Download now

The care and feeding of cloud

How to support cloud infrastructure post-migration

Watch now

Recommended

What is cyber warfare?
Security

What is cyber warfare?

23 Mar 2021
Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021
How to encrypt files and folders in Windows 10
encryption

How to encrypt files and folders in Windows 10

9 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
Alienware’s new gaming laptop is a kick in the teeth for Intel’s new CEO
Hardware

Alienware’s new gaming laptop is a kick in the teeth for Intel’s new CEO

8 Apr 2021