
David Rivas Huete

Cybersecurity - Intelligence - Privacy

The FBI is now dedicated to cleaning compromised Microsoft Exchange servers. Is this a good idea?

By admin

Apr 20, 2021

After a court order allowed the FBI to act inside the networks of affected businesses and clean the malicious web shells from hundreds of systems, the US Department of Justice confirmed that the work is under way. However, some critical voices are questioning what this means for the future of cybersecurity.

Tonya Ugoretz, Assistant Director of the FBI’s cyber division, said: “This operation is an example of the FBI’s commitment to combating cyber threats through our enduring federal and private sector partnerships”.

Attackers were (and probably still are) exploiting a vulnerability and using web shells to escalate privileges and take control of the servers as Administrator. Microsoft released a critical security update to protect Exchange Server customers and more recently updated Windows Defender to better help users.

In the UK, the NCSC is actively helping organisations of all sizes to protect their networks by installing the necessary patches. However, it’s important to keep in mind a basic concept: even if the FBI or the NCSC are working to support the industry, businesses could remain potentially exposed if the Microsoft Exchange Server zero-day is not patched.

To learn more: https://www.zdnet.com/article/the-fbi-removed-hacker-backdoors-from-vulnerable-microsoft-exchange-servers-not-everyone-likes-the-idea/

The NCSC approach to fix this problem: https://www.ncsc.gov.uk/news/advice-following-microsoft-vulnerabilities-exploitation