When US government servers and several other security firms were hacked in one of the biggest cyberattacks in US history, we found that some big names like Microsoft also had their servers compromised.
According to a top US cybersecurity official, thousands of Microsoft Exchange servers are still compromised by hackers even after applying fixes. Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, said that the email servers owners, whose security was also compromised even before Microsoft Corp. had issued a patch nearly three weeks ago. But, they also must take additional measures to remove the hackers from their networks.
Microsoft has previously warned that “We remain committed to supporting our customers against these attacks, to innovating on our security approach, and to partnering closely with governments and the security industry to help keep our customers and communities secure.”
According to sources, the servers that remain compromised could be used as a launching pad for criminal hackers to initiate ransomware attacks on computer networks. Thus servers contain files that are encrypted and are held ransom in exchange for a payment.
Microsoft, last week, released a tool that allows owners of on-premise Exchange servers to patch the security flaws with one click. However, reports indicate hackers may have already breached those servers and can sit inside computer networks even after the fix is applied.
The Redmond-based giant has said the attack started with a Chinese government-backed hacking group. The group was accused of exploiting previously unknown vulnerabilities in Microsoft’s Exchange business email software.
According to the National Security Council, there are now fewer than 10,000 vulnerable systems remaining in the U.S., down from at least 120,000 at the start.