Companies and governments around the world were alerted over the weekend by Microsoft after the detection of large -scale cyber attacks worldwide. , platform widely used by public and private institutions for document sharing.
Next, check out the main questions and answers about the cyber attack that has reached Microsoft’s sharepoint servers.
Hackers explored severe vulnerability on SharePoint, software used for document management and sharing in corporate environments. Failure exclusively affects local servers, leaving out the cloud version, sharepoint online.
Enjoy!
NFL in Brazil: Extra Tickets
NFL Game in SP: With XP card you compete for 10 pairs of tickets
Because it is a platform widely used in critical structures and high security protocols, SharePoint commitment offers great impact potential for invaders.
Why is the new attack on SharePoint considered critical?
Vulnerability in Microsoft’s SharePoint software has allowed hackers to access used document management servers by government agencies and companies. The “zero-day” flaw was explored even before any correction is available, reaching tens of thousands of servers around the world, according to experts heard by the Washington Post.
According to the US Cyber and Infrastructure Security Agency (CISA), Brecha allows access to file systems, internal configurations and codes execution remotely, which can fully compromise the organization’s digital environment.
Continues after advertising
What is a zero-day attack?
It is an attack that explores a vulnerability still unknown by the manufacturer at the time of the invasion. This is exactly what happened in this case, according to Microsoft and experts such as Eye Security, a Dutch company that identified the first evidence of the attack.
What versions of SharePoint were affected?
Microsoft has confirmed that the attacks target the servers of SharePoint Subscription Edition, SharePoint 2019 and SharePoint 2016 versions. A security patch has already been released for latest versions, but there is no definitive correction for SharePoint 2016 yet.
Who is being affected by the attacks?
According to Washington Posttargets include US federal and state agencies, energy companies, an Asian telecommunications operator, as well as universities, including one in Brazil.
Continues after advertising
More than 10,000 organizations are estimated to be at risk, with higher concentration in the US, the United Kingdom, the Netherlands and Canada. According to the Center for Internet Security, about 100 entities – between public schools and universities – have been notified that they could be committed.
How do hackers act and what are the real risks?
According to Eye Security, the invaders have been able to steal cryptographic keys that allow us to pass users or legitimate services, even after the application of updates. In some cases, they were identified “backdoors”That guarantee continuous access to systems. An anonymous researcher has reported to the Washington Post that“ making a patch available now does not help who has been compromised in the last 72 hours ”.
“Anyone who has a sharepoint server hosted internally has a problem,” Crowstrike from the newspaper told Adam Meyers. Palo Alto Networks Pete Renals, on the other hand, warned that hackers are trying to explore thousands of globally servers before an update is available.
Continues after advertising
Was there data loss?
There are records of sequestration of integer document repositories. An employee of a US state government told the Washington Post that the invaders took control of a public digital collection, leaving the material inaccessible. It is not yet known if the data have been erased, but this kind of attack, called “wiper”It is considered rare and worrying.
What does Microsoft say about the case?
The company has stated at X that it is working in conjunction with CISA, the US Department of Defense Department of Defense Defense Command and other entities to mitigate damage. It also recommended that users of affected versions immediately apply safety updates.
What are the recommendations for companies?
Microsoft advises that if patch application is not possible, SharePoint servers should be disconnected from the internet as a preventive measure. The update is now available for subscription and 2019 versions; The correction for SharePoint 2016 is under development.
Continues after advertising
How are the authorities reacting?
CIS (CIBERNETIC SECURITY AND INFRASTRUCTURE AGENCY (CISA) was alerted by a research company on Friday and contacted Microsoft immediately, spokeswoman Marci McCarthy said. The agency has worked “without rest” in the case. The FBI confirmed that it was collaborating with public agencies and the private sector. State governments such as Arizona held emergency meetings to coordinate responses with local and indigenous authorities.
Is this the first time Microsoft has been like something similar?
No. The company has already faced other serious flaws. In 2023, an investigation revealed that Chinese hackers accessed e-mails from US officials due to exchange online safety failures. More recently, Microsoft was criticized after the revelation that China -based engineers worked on projects related to the US Department of Defense. In response, the company announced that it would stop using these professionals in these activities.
(With information from Washington Post and Forbes)
