Question
Security flaws in Microsoft Exchange lead to a mass cyber attack
A global wave of cyberattacks began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange servers, giving attackers full access to user emails and passwords on affected servers, admin privileges on the server, and access to connected devices on the same network. A zero-day exploit occurs when hackers discover an unpatched vulnerability in a software application before the developers do. Hackers then exploit the known vulnerability and release malware into the victim's computer system. It can take days, months, or even years before developers learn of the vulnerability that led to an attack.
As of March 9, it was estimated that 250,000 servers fell victim, including servers owned by 30,000 organizations in the US, 7,000 servers in the UK, and even the European Banking Authority and the Norwegian Parliament. Research shows plenty of unpatched systems remain. Microsoft announced that it suspected the attack was carried out by a state-sponsored Chinese hacking group known as Hafnium.
Hackers used several Exchange vulnerabilities to gain access to the computer systems of all 30,000 organizations, compromising email accounts and installing web shell malware, giving the criminals ongoing administrative access to the victims' servers. This is known as a supply chain attack, where a service provider is attacked, which then gives the criminals access to that company's customers. The hackers' endgame is not the on-premises servers they put web shells in, but setting themselves up for future attacks of higher value targets those servers may be connected to.
Acer forced to pay a $50 million ransom, the largest known ransom
The ransomware attack on Acer, a computer manufacturer, was a casualty of an earlier attack on Microsoft Exchange (see above), in which hackers used a vulnerability in Microsoft's ProxyLogon to target Acer. The purported perpetrators go by the name REvil group, which executed a ransomware attack on Travelex in 2020. The group is known for its high ransom demands, having recently attempted to extract $30 million from pan-Asian retail giant Dairy Farm in February 2021. Ransomware attacks occur when hackers install malware on the victim's device, which encrypts files and renders a system inoperable. The data can only be accessed with a decryption key. Attackers also sometimes steal sensitive corporate data and threaten to expose it or sell it on the dark web unless a ransom is paid.
Acer's identity and corporate data were reportedly posted on a data leakage site, Happy Blog, on March 18, and the attackers gave the company until March 28 to pay the ransom of $50 million. If the ransom was not paid by the stipulated date, it would double to $100 million. Research shows that ransomware attacks are on a downward trend from 2020, but that didn't stop hackers from demanding the largest ransom in recorded history.
Security flaws in Microsoft Exchange lead to a mass cyber attack
Select 2 correct answer(s)
Confidentiality
Integrity
Availability

Question 8 (0.2 points)
Acer forced to pay a $50 million ransom, the largest known ransom
Select 2 correct answer(s)
Confidentiality
Integrity
Availability