European Banking Authority hit by Microsoft Exchange hack

European Banking Authority hit by Microsoft Exchange hack

It has been reported that the European Banking Authority’s email servers have been compromised in a global Microsoft Exchange cyber-attack. The EU body said personal data may have been accessed from its servers. And it had pulled its entire email system offline while it assessed the damage.

An EBA statement said: “At this stage, the EBA email infrastructure has been secured and our analyses suggest that no data extraction has been performed and we have no indication to think that the breach has gone beyond our email servers.”

Microsoft Exchange servers are widely used for email by major businesses and governments. But few organisations have yet admitted being hit by the attack.

On March 2, Microsoft released patches to tackle four severe vulnerabilities in Microsoft Exchange Server software. At the time, the company said that the bugs were being actively exploited in “limited, targeted attacks.”

Sources have told cybersecurity expert Brian Krebs that approximately 30,000 organizations in the US have been hacked so far. Bloomberg estimates put this figure closer to 60,000, as of March 8.

Commenting on the recent events, Oliver Tavakoli, CTO, Vectra AI said “The hack involved the combined exploitation of multiple 0-day vulnerabilities, starting with an OWA SSRF vulnerability and then proceeding to the exploitation of other vulnerability to burrow deeper into the inner workings of the server.

“Patching the Exchange servers will prevent an attack if their Exchange server has not already been compromised. But it will not undo the foothold attackers have on already compromised Exchange servers. Microsoft has published a technical blog on how to recognize signs that an Exchange Server is already compromised.”

Morey Haber, CTO & CISO at BeyondTrust added “The motives of the threat actors are unclear, but one thing is certain. They are wearing our security professionals down even further and we have yet another massive breach to clean-up. The damage and source of the attack will only become more apparent in the next few days. Welcome to 2021. The year of massive cyber-attacks.”

Browse our latest issue

Intelligent CISO

View Magazine Archive