More than 10,000 organizations around the world are at risk from hackers after a serious security flaw was discovered in Microsoft’s popular Sharepoint platform, used to store and share confidential documents. The majority of companies at risk are said to be in the US.
Update: Bloomberg reports that the National Nuclear Security Administration was among the organizations breached – see the end of the piece …
Microsoft said that there were “active attacks targeting on-premises servers.” US federal and state agencies are among the organizations said to have been affected.
Security researchers cited by Bloomberg said that the vulnerability was a “dream” for hackers, including ransomware attackers.
Cybersecurity firms cautioned that a broad section of organizations around the world could be affected by the breach. Silas Cutler, a researcher at Michigan-based cybersecurity firm Censys, estimated that more than 10,000 companies with SharePoint servers were at risk. The US had the largest number of those companies, followed by the Netherlands, the UK and Canada, he said.
“It’s a dream for ransomware operators, and a lot of attackers are going to be working this weekend as well,” he added.
Statements by Palto Alto Networks and Google’s Threat Intelligence Group both described the risks as “serious” and “significant.”
Microsoft said that it has issued a security patch for SharePoint Subscription Edition, and is “actively working” on similar ones for SharePoint 2016 and 2019. However, Eye Security, which was first to identify the flaw, said that this might not be enough.
Eye Security said the vulnerability allows hackers to access SharePoint servers and steal keys that can let them impersonate users or services even after the server is patched. It said hackers can maintain access through backdoors or modified components that can survive updates and reboots of systems.
Microsoft has issued instructions for recommended precautions affected organizations should take, but given the current uncertainties, I’d add another one: if you have sensitive documents stored on Sharepoint, you may want to remove them for now.
Update: National Nuclear Security Administration breached
Bloomberg reports:
The US agency responsible for maintaining and designing the nation’s cache of nuclear weapons was among those breached by a hack of Microsoft Corp.’s SharePoint document management software, according to a person with knowledge of the matter.
No sensitive or classified information is known to have been compromised in the attack on the National Nuclear Security Administration, said the person, who wasn’t authorized to speak publicly and asked not to be identified.
Highlighted accessories
Photo by BoliviaInteligente on Unsplash
FTC: We use income earning auto affiliate links. More.
