FBI, CISA detail risks posed by potential on-premises Microsoft Exchange compromise

Mar 12, 2021 - 02:41 PM

Cyber criminals and nation-state actors believed to be affiliated with the Chinese government continue to exploit recently announced vulnerabilities in Microsoft Exchange on-premises products, posing a serious risk to federal agencies and private organizations, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency said this week in a joint advisory.

The advisory provides technical indicators of compromise for which recipients are advised to scan their networks and immediately implement the prescribed patches.

“Successful exploitation of these vulnerabilities allows an attacker to access victims’ Exchange Servers, enabling them to gain persistent system access and control of an enterprise network,” the advisory notes. “It has the potential to affect tens of thousands of systems in the United States and provides adversaries with access to networks containing valuable research, technology, personally identifiable information (PII), and other sensitive information from entities in multiple U.S. sectors. FBI and CISA assess that adversaries will continue to exploit this vulnerability to compromise networks and steal information, encrypt data for ransom, or even execute a destructive attack. Adversaries may also sell access to compromised networks on the dark web.”

John Riggi, AHA senior advisor for cybersecurity and risk, said, “This is now a cyber race. The adversaries are acutely aware that they have been exposed and that their covert access to a reported 60,000 organizations worldwide may end soon as patches are implemented. They will no doubt attempt to exfiltrate as much data as possible, conduct ransomware attacks or burrow deeper into the networks before their access ends. It is imperative that affected organizations implement the prescribed patches as soon as possible. Breach reports or request for assistance from the government should be directed to the FBI’s 24/7 CyWatch at 855-292-3937.”

For further information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org.

Related News Articles

Headline
Agencies release guidance on hardening network devices in response to cyber espionage campaign by hackers linked to Chinese government
New guidance released yesterday by the Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI informs health care and other…
Headline
Advisory warns of activity by BianLian ransomware group 
A joint advisory released Nov. 20 by the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency and international partners warns of…
Headline
DOJ: Russian national charged with cybercrimes for ransomware attacks on hospitals, other entities 
The Department of Justice Nov. 18 announced criminal charges against Evgenii Ptitsyn, a Russian national, for allegedly administering the sale, distribution…
Headline
UN Security Council meeting discusses impact of ransomware attacks on hospitals 
A United Nations Security Council meeting the week of Nov. 4 discussed ransomware and the severe impacts that cyberattacks can have on hospitals and health…
Headline
AHA's Pollack breaks down role of hospitals in the future of health care on Pinkston podcast 
AHA President and CEO Rick Pollack was recently a guest on Pinkston's "To the Point" podcast to discuss the future of U.S. health care, touching on a range of…
Headline
Agencies provide cyberthreat updates and resources leading up to election 
The Cybersecurity and Infrastructure Security Agency, FBI and other federal agencies have created a webpage with the latest cyberthreat updates and information…