Microsoft Corp has detected and blocked a “new family of ransomware” that was being used on servers that were not yet secured after a major security breach last week.
The review released Friday is a temporary measure of protection against attacks, which have already occurred in many areas, the company said.
The company has acquired Chinese government-sponsored robbery suspects using previously unknown threats in Microsoft’s widely used Exchange email software in early March. Even if it does get a glimpse of those programs, hackers rush to find companies that would install Microsoft’s fix.
BitSight Technologies, a Boston security company, said that based on an internet-wide scan it conducted this week, about a third of Microsoft Exchange customers are at risk of having their systems compromised. Those customers will now be at risk of new attacks until the patches are installed.
The hackers exploited the vulnerabilities introduced in the initial attack, including secret entry points installed in the victims’ programs, to gain access. Governments have been urging businesses to install these patches – the Australian government has issued at least three warnings in nine days – and Microsoft has warned organizations to take immediate action to prevent damage.
This latest update “means that Microsoft is concerned that people have never matched it,” said Robert Potter, a cybersecurity expert based in Canberra, Australia. “Once you are beaten, there is very little you can do. You are confident that your backups will work, because you will not be removed from the encryption.”
The ransomware’s targets so far have been small-scale organizations that were compromised by hackers using a simple malware called DOJOCRYPT or DearCry, said Kimberly Goody, chief of crime analysis at Mandiant Threat Intelligence. Smaller companies are less likely to have IT staff dedicated to applying patches quickly.
Network monitoring company RiskIQ, which works closely with Microsoft, says the number of Exchange servers at risk has dropped over the past 10 days, from hundreds of thousands to about 83,000. But its data analysis also shows that banking networks, health care and medical facilities remain vulnerable, as do local and national government programs.
“If SolarWinds were a strategic strike, this would be a nuclear bomb,” said Elias Manousos, CEO and founder of RiskIQ. “The attackers are trying to create as much chaos as possible.”