European Banking Authority’s email servers compromised in cyberattack

European Banking Authority’s email servers compromised in cyberattack

It has been reported that the European Banking Authority’s email servers have been compromised in a global Microsoft Exchange cyberattack. The EU body said personal data may have been accessed from its servers. And it had pulled its entire email system offline while it assessed the damage.

In a statement it said: “The EBA is working to identify what, if any, data was accessed.”

On March 2, Microsoft released patches to tackle four severe vulnerabilities in Microsoft Exchange Server software. At the time, the company said that the bugs were being actively exploited in “limited, targeted attacks.”

Commenting on the news Mark Bower, SVP at comforte AG, said: “The recent threat to Microsoft Exchange servers has the potential to go far beyond just email itself. CISA’s recent guidance indicates the potential for server and downstream system compromise which is extremely concerning for leaders of affected organizations.

“The capacity for attackers to extract sensitive data from emails, spreadsheets in mailboxes, insecure credentials in messages, as well as attached servers presents an advanced and persistent threat with multiple dimensions. “This is yet again a reminder to take steps to discover sensitive data exposure, protect it, and ensure the security isn’t limited to infrastructure and perimeter controls that were no barrier to this extensive and damaging attack. I predict affected entities and their supply chain partners will see persistent secondary impact as a result over a long period of time.”

Browse our latest issue

Intelligent CISO

View Magazine Archive