
Microsoft SharePoint Hack Exposes Global Servers: Critical Zero-Day Flaw Under Attack

Prime Highlights:

  • A zero-day vulnerability in on-premises Microsoft SharePoint servers has been used to compromise U.S. government agencies, academic institutions, and international businesses at scale.
  • Microsoft quickly patched the newer versions, but SharePoint 2016 remains unpatched, leaving tens of thousands of servers exposed to attack.

Key Facts:

  • Only on-premises SharePoint servers are affected; Microsoft 365 cloud services are not.
  • The attack exposed cryptographic keys, which let attackers evade security controls and regain access to compromised systems.

Key Background

A newly disclosed zero-day vulnerability in Microsoft SharePoint has triggered a worldwide cyberattack, exposing sensitive information and mission-critical infrastructure. The bug, in SharePoint servers installed on-premises, enabled attackers to gain unauthorized remote access, steal encryption keys, and reach connected platforms such as Outlook, Teams, and OneDrive. The attack has hit a wide range of organizations, including U.S. federal and state governments, Spanish ministries, Brazilian universities, and major telecommunications and energy providers.

Security professionals warn that the attackers obtained the servers' encryption keys and are using them to maintain persistence in compromised networks, which makes the threat hard to eliminate even after patching. The attack was first discovered by European security researchers, who noted that hundreds of thousands of SharePoint servers worldwide were exposed. In some cases public document repositories were taken over, disrupting critical operations and cutting government agencies off from sensitive documents.

Microsoft released security patches for SharePoint 2019 and SharePoint Subscription Edition on a rapid turnaround. SharePoint 2016 remains vulnerable, with a patch still under development. Security agencies such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) are urging organizations to isolate affected servers or apply temporary mitigations until permanent patches are installed.

The attack is the latest in a series that has raised questions about Microsoft’s response to critical server vulnerabilities following several major breaches in recent years. Experts recommend that organizations go beyond patching: revoke stolen credentials, roll cryptographic keys, and carry out a full forensic analysis so that the attackers are fully rooted out. Otherwise, they remain exposed to ongoing data breaches, ransomware, and espionage campaigns that use the hijacked infrastructure.
