Hackers Found a Vulnerability and Attacked Microsoft: How to Protect your Business from Cybersecurity Threats

Microsoft Server Attack

Due to a vulnerability in Microsoft mail servers, hackers managed to attack more than 60,000 companies and organizations in the United States, Europe, and Asia. The number of victims may increase, and in the United States the incident has already been called a “global cybersecurity threat.”

So what exactly happened and why it is important to test your company on cyber threats and implement secure development?

A couple of days ago, Reuters reported a massive hacking of Microsoft Exchange mail servers. At that time, it was about 20,000 affected organizations. The vulnerability allowed unauthorized individuals to gain full access to the organization’s server and data.

In two days, it became known that the number of affected organizations had grown to 60,000 and it will grow. Attacked companies are in the United States (about 30,000), Europe and Asia.

Hacker group tried to obtain information on infectious diseases research, and other analytical data. Private companies, city administrations, and non-governmental institutions were affected as well.

Microsoft Exchange Server users are urgently advised to install fresh updates from the company. Even if the server is not hacked now, there is a threat that the organization could be targeted by hackers in the future. In addition, Microsoft has posted a script on GitHub that will detect the fact that its servers have been hacked.

The US government has already called the incident a “global cybersecurity threat” because of the scale of the incident: tens of thousands of small and large organizations were affected only in the States, and the same number around the world. The White House administration also announced that it is actively working on researching the problem, collaborating with Microsoft and developing possible responses.

Hafnium Hacker Group

According to Microsoft, a group called Hafnium from China is behind the massive hacker attack. Chinese officials have already said they have nothing to do with the attacks and condemn such actions.

The Hafnium hackers have been active for months. At first, no one noticed their actions due to the small scale of the attack. Later, the group managed to automate the process of counting the infected servers, numbers went up to tens of thousands.

At the same time, a vulnerability in Microsoft servers was found last year. Taiwanese organization reported the vulnerability to Microsoft. And a week later, hackers from Hafnium began to exploit the security hole. After this story became known, the Taiwanese and American companies launched an internal investigation to check where the leak came from.

Microsoft urgently released an update for Microsoft Exchange, but there are two big issues. First, it closes a security hole, but will not help those systems that have already been compromised. Secondly, it is incredibly slow for users to update their systems.

The problem is, after Hafnium, other hacker groups also began to use the vulnerability for their targeted attacks. As a result, the rate of distribution of the hack has reached an alarming level. Experts admit that the problem is serious since many companies simply do not have the resources and experience to provide high-quality protection against cyber threats.

According to the New York Times, Microsoft has been trying for many years to move its customers to the cloud, where the company can install protection and all the necessary updates on its own.

Hacker Attack Modeling

The best way to prevent your company from hacks is to model the situation. The easiest way is to pentest your company. The purpose of penetration testing is to assess the effectiveness of the protection systems used and the readiness of the company’s information infrastructure as a whole to cyber attacks.

As part of the penetration test, it is also possible to assess the effectiveness of the company’s information security services in detecting and suppressing attacks, if the management does not inform them about the work being done.

It is a mistake to think that penetration testing is aimed at identifying vulnerabilities; it is not the main task. Hackers look for security flaws as in Microsoft case – but only to exploit them to achieve the goals of the penetration test. For example, in the case of external testing, the task is usually to find the maximum number of ways to penetrate the organization’s local network; in the case of an internal one, determine the maximum possible level of privileges that an attacker can obtain. The company can test other parts as well, for example, demonstrate the ability to gain access to specific business systems.

It is important that a penetration tester should have the same level of training and the same tools as a potential attacker. A logical conclusion follows: the higher the level of qualification of a pentester, the better he can simulate the actions of a professional hacker and.

It is important to note: unlike cybercriminals, a pentester acts strictly within the framework of the law and only by agreement with the owner of the system. The list of attacked nodes and the checks carried out must be agreed upon with the responsible representative of the tested company.

How Microsoft Could Protect Data in Cloud

Local backup

This is a basic strategy that a company can use to keep cloud data secure. Loss of information can lead to dire troubles, particularly when data is everything an organization depends on. Backing up data is a good practice for making electronic copies so that the user can access them even if the original is lost or damaged.

Data Encryption

Encrypting data before uploading it to the cloud is a reliable way to protect your company from hackers. It is also worth using local encryption as an additional layer of security that protects data from service providers and administrators themselves. If the choice fell on an encrypted cloud service, you can provide additional security by using a preliminary round of data encryption.

Strong passwords

It is equally important to ensure that passwords are strong to prevent data theft. In addition to creating complex passwords, your organization should change them frequently. In addition, the introduction of a two-step verification process can improve data security. Using updated patch levels will prevent hackers from being resourceful and from bothering to further strengthen the password and change it regularly.

Cybersecurity Measures

The above security measures can protect your data in the cloud, but sometimes the problem might not be with the security, but with the device you’re signed in from. Hackers can easily gain access to your account if proper protection is not provided. In such cases, enterprises expose themselves to viruses or other threats, providing entry points for attackers. With this in mind, the cloud needs to be protected with secure cloud migration and general security protocols. A secure cloud system and its servers must use the right security tools.

Penetration Testing

This procedure is of utmost importance. Typically involves researching the cloud to assess how productively it interacts with security settings. By hiring an ethical hacker, you can check the security level and its relevance. Do not assume that the cloud is permanently protected – the fact is that maintaining the security of cloud data requires constant action.

Cloud storage offers a ton of benefits. But companies need to know that security is not guaranteed, but possible. Adopting multiple protective measures by enterprises can be critical to keeping files safe in the cloud, and beyond.

The Workflow of Cybersecurity Measures for Every Company

Information Collection:

  • Coordination of the scope of work
  • Obtaining the necessary information about the object of research

Vulnerabilities search:

  • Search in manual and automated modes
  • Analysis of primary results
  • Manual verification of vulnerabilities

Vulnerabilities Exploatation:

  • Search for exploits for discovered vulnerabilities
  • Simulation of attacks
  • Impact analysis

Development Recommendations:

  • Description of identified vulnerabilities and attack vectors
  • Recommendations for eliminating vulnerabilities and configuration errors


  • Policy insights for management
  • Systematization of possible attacks and identified vulnerabilities

Security testing can be useful for any organization, regardless of the field of activity. However, the work should be carried out when the organization already provides comprehensive security of the infrastructure, its protection from cyberattacks, and security measures are implemented. This means that the level of maturity of information security processes in an organization must be sufficiently high. It is especially important to conduct penetration testing for large companies with distributed infrastructure since it is difficult to secure a sufficiently complex system without verifying the effectiveness of its protection.

Security Testing Advantages

Modern approaches to business organization imply the assessment and management of business risks. Top managers should clearly understand which of the risks are most significant for their business today. Many of these risks can be realized as a result of a cyberattack (for example, theft of money from company accounts or the failure of an important contract by deleting files on a director’s computer).

Hackcontrol experts can give advice on how to set up the infrastructure and what protection systems to use in order to eliminate or minimize these particular risks. The results of the security tests and checkups allow ranking security flaws and eliminate the most dangerous threats, reduce the risk of a system compromise, and the possible costs of eliminating the consequences of attacks in the future. As well as protect the company’s reputation.

Talk to an Expert

1. We will review your request within 2 hours and contact you.

2. We will check your company and describe the workflow.

3. We will start cybersecurity check.

    Privacy Policy

    Vitaly is a principal consultant at Hackcontrol as wall as aa business and IT thought leader. He has over 15 years of experience in consulting, account management and is a specialist in cybersecurity.