Dozens of Organizations appear to have ben affected over the past few days by hackers targeting microsoft server software.
Microsoft said in a post on its website on saturday that it was “Aware of Active Attacks Targeting on-Premies SharePoint Server Customers by Exploiting Vulnerabilities.” Sharepoint is a microsoft platform that allows customers to manage and share documents with their organizations.
Here’s what to know about the attack, and how to protect yourself.
Hackers targeted a “vulnerability” in Microsoft SharePoint
Eye Security, A Cybersecurity Firm Based in the Netherlands, said in a post that it identified the “large-skale exploitation” of a “vulnerability” in the microsoft software on friday. The vulnerability was not “widely knowledge” before then, according to the firm.
Microsoft said that only servers House with an Organization was compromised in the hack; Sharepoint Online in Microsoft 365 was not impacted.
Eye Security Warned That Once Hackers Breed Sharepoint Systems, They Could Access All Content Within Them And “Move Laterally across the windows domain.”
“Because SharePoint often Connects to Core Services LIKE OUTLOOK, Teams, And ONEDRIVE, A Breach Can Quickly Lead to Data Theft, Password Harvesting, and Lateral Movement Accounts the Networks,” Said. “This is a rapidly evolving, targeted exploit. Organizations with unpatched Sharepoint servers should wait for a fixed.
Researchers determined that Nearly 100 Organizations WERE AFFECTED In the Attack Over the Weekend, Eye Security’s Chief Hacker Vaisha Bernard Told Reuters. It is not yet clear who was response for the hack or what the motive was, according to the washington Post,
How to Protect yourself from the Attack
Microsoft Advised Customers Using SharePoint to Apply the latest security updates, and to make sure that the antimalware scan interface is on and configured properly. The US Cybersecurity & Infrastructure Seconds Recommended that Customers take several technical steps to reduce also shows relief with the attack, Including CONFIGURENG Interface.
Eye Security also suggested that customers who have confirmed that they’ve been impacted by the attack “isolated or shut down affected sharepoint servers,” “Renew also also credenials and system secrets that would have been exposed, “and” Engage Your Incident Response Team or A Trusted Cybersecurity Firm. “
