The fallout from the hack of hundreds of thousands of on-premises Microsoft Exchange servers worldwide is starting to unfold, and it’s likely to be enormous. The growing scale of attacks like this one, coupled with the growing number of connected devices available to attack, is causing deep concern in government and business communities alike.
The Worldwide Microsoft Exchange Hack
The biggest current cybersecurity news story is the widespread hack of on-premises Microsoft Exchange servers using a recently discovered vulnerability. Tens of thousands of companies in the US have been compromised. Many of them had web shells placed on their networks, providing the hackers future access to the networks.
These exploits are already being used to deploy a new wave of ransomware demanding tens of thousands of dollars from compromised businesses – and the situation is still unfolding by the hour.
CNBC: Ransomware Claims up 150% since 2018, may cost $10.5 Trillion by 2025
The SolarWinds and Microsoft attacks are leading technology professionals to raise the red flags far higher than they were even at the beginning of the pandemic. CNBC reports that AIG has seen ransomware claims more than double over a two-year period. Cybersecurity Ventures estimates ransomware damages will grow from an incomprehensible $6 trillion in 2021 to $10.5 trillion in 2025.
Businesses have more devices than ever connected to the internet, each adding another point for a cybercriminal to attack in the right (or wrong) situation. This week in Dark Reading, a VP at power management company Eaton discusses a couple of recent real-world attacks aimed at unusual devices that resulted in loss of sensitive data. One attack stole over 40 million credit cards using a connection through Target’s HVAC management company.
A casino had high-roller customer data stolen by hackers using an even less expected entry point. They gained a foothold through a smart thermometer in the casino’s lobby fish aquarium.