As we highlighted in an earlier blog, more than one hundred thousand global organizations running Exchange email servers have been hacked due to backdoors that allowed hackers complete remote control of their servers and access to their emails.
Security experts are now tasked with assisting victims before the hackers revisit their servers and plant additional hacking tools in an attempt to crawl deeper into the victims’ network.
Due to the large number of victims of the attack, recovery efforts have been slow. Unfortunately, victims now face a new challenge because additional hacking groups are competing for control over their vulnerable systems.
The attack was originally attributed to a Chinese cyber espionage group called “Hafnium” because of their previous attacks on Exchange flaws. Many experts now believe that multiple cybercriminal groups learned of Microsoft’s plan to ship fixes for Exchange flaws and used this shipment to their advantage.
At this point, there are no signs of the victims of this mass-hack being ransomed, but this could change if the exploit code used to break into vulnerable Exchange servers goes public. If this happens, victims who haven’t patched the breaches in their servers can be compromised by additional hackers.
Nixon offers a notification service called Check my OWA, where users can be notified if their email address matches a domain name for a victim organization. The motivation for this comes from the inability to reach every compromised organization, making this option attractive for the unreachable ones.
The easiest way to avoid repercussions from an attack just like this one is to back up your systems – with one copy being stored completely offline. To learn more about offsite backup for Microsoft Office 365 data, check out our Cloud-to-Cloud Office 365 Protection, powered by Veeam.
This article originally appeared on KrebsOnSecurity.