Flaws in Microsoft’s email server software mean hundreds of thousands of businesses around the world may have been implanted with spying tools.Credit:AP
According to Microsoft,the hackers had targeted the software to monitor or steal email communications. It also warned the hackers could install additional spying tools on affected computers. Beijing has rejected Microsoft’s allegations with a Chinese foreign ministry spokesman saying that the country “firmly opposes and combats cyber attacks and cyber theft in all forms.”
While Microsoft had originally said the attack was limited to US government agencies and businesses,the problem appears to be more widespread. The Australian Cyber Security Centre (ACSC) has advised local businesses to immediately install the latest security updates.
Loading
“The ACSC strongly encourages administrators apply these security patches to their systems promptly,” itsaid in an alert.
US security researcher Brian Krebsreported over the weekend that there were hundreds of thousands of victim organisations worldwide,citing anonymous cyber experts who had briefed national security staff. These include at least 30,000 US organisations,ranging from small businesses to local governments,he said.
Microsoft has asked companies that use a computer server with Exchange installed on it to download and apply the latest security update to protect their systems. However Mat Gangwer,senior director of managed threat response at security company Sophos,said updating the software (also called patching) was only the first step and doesn’t necessarily remove the danger.
Hackers using the Exchange exploits have also been planting software known as “web shells” into compromised systems,which they can keep using to access systems even after they have been updated.