Microsoft fixed the problem a year ago, but the Russians didn’t bother to install a system update. Now they have to pay up to $10,000.
Hackers infiltrated many companies from Russia and demanded ransom for stolen corporate data. The Russian site CNews writes about it, citing the analytical firm BI.ZONE, which specializes in digital risks.
Since August 2022, hackers have hacked dozens of companies, mostly small and medium-sized businesses, using a vulnerability in the Microsoft Exchange corporate mail service. According to BI.ZONE, the attackers used a special program that infiltrated the mail server and allowed them to download all the letters with the files attached to them.
Teimur Kheirkhabarov, Head of BI.ZONE’s Cyber Threat Monitoring, Response and Investigation Department, explained that the Microsoft Exchange vulnerability used was discovered last fall and developers quickly fixed it. The victims of the attacks were Russian companies that did not install the update on the server.
Companies didn’t notice the hack and didn’t know about the data leak until cybercriminals started sending email messages to security experts. [email protected] In these, the attackers offered to pay for the services of a “security audit” in exchange for the return of their databases, and in fact demanded a ransom and in some cases up to $10,000.
Positive Technologies researchers calculated that the number of attacks against Russian companies in the first half of 2022 increased by 18% compared to the previous half of the year. Small businesses are less likely to be affected by cybercrime than medium and large businesses. Hackers often exploit vulnerabilities in company network equipment and discover them through mass scanning. They’ve created scripts that auto-attack as soon as a breach is found on the defense.
Social engineering methods such as phishing are very popular. With their help, hackers obtain credentials or other confidential information. For example, victims are sent emails with “viruses” that help steal data, encrypt files, or use computers to secretly mine cryptocurrencies.
Earlier, the IT army of Ukraine hacked the Central Bank of the Russian Federation and seized 27 thousand files. According to the hackers, they had employee data and company documents.
Prior to that, Ukrainian hackers hacked the 1C system and made public the data of thousands of Russians, including their names, logins, passwords, emails. This information can then be used to hack the personal accounts of Russian residents.
Source: Focus
Ashley Fitzgerald is an accomplished journalist in the field of technology. She currently works as a writer at 24 news breaker. With a deep understanding of the latest technology developments, Ashley’s writing provides readers with insightful analysis and unique perspectives on the industry.