All UK businesses which use Microsoft’s Exchange software are being urged to check their systems immediately for signs of hacking activity after the National Cyber Security Centre sent urgent messages to more than 2,300 UK firms warning them that they may have already been hacked.
The affected versions include Microsoft Exchange Server 2013, 2016 and 2019, and a so-called “defence in depth update” has also been released for Microsoft Exchange Server 2010. Exchange Online (as part of Microsoft 365) is not affected.
The NCSC has been investigating the incident since Microsoft revealed two weeks ago that a group of Chinese state-backed hackers had for months been exploiting a weakness in its Exchange email software and stealing data from organisations around the world.
It is claimed that more than 10 Chinese government-backed hacking groups have been attempting to exploit the flaw, while Microsoft has also issued an alert that hackers using a strain of ransomware known as DearCry are targeting unpatched Exchange servers still exposed to the issue.
There have been reports that up to 250,000 organisations around the world have been hit by the hack, although so far many have remained tight-lipped. The Norwegian Parliament and the European Banking Authority are just two who have fessed up, although both say there is no evidence that information has been stolen.
However, the UK is taking no chances and the NCSC said it had contacted thousands of organisations to warn them that it had found hacking activity on their systems and the presence of “web shells”, which can be used to access systems and steal information.
Even so, this does not guarantee that hackers have managed to steal files yet; the malicious software can be removed before a data breach occurs.
The NCSC released new guidance on Friday urging businesses to update their IT systems to eliminate the chance of hackers gaining access to files.
NCSC director for operations Paul Chichester said: “We are working closely with industry and international partners to understand the scale and impact of UK exposure, but it is vital that all organisations take immediate steps to protect their networks.
“Whilst this work is ongoing, the most important action is to install the latest Microsoft updates. Organisations should also be alive to the threat of ransomware and familiarise themselves with our guidance. Any incidents affecting UK organisations should be reported to the NCSC.”