Top five largest cyber-attacks in the past year and lessons learnt | SPONSORED
Sponsored by RunSafe Security
Cyberattacks are becoming far too common, especially after the COVID-19 pandemic, as companies are changing how they’re doing business.
Cyber-attacks on enterprises’ software, in particular, have already affected millions of users. Unfortunately, these will continue to impact more people unless organizations take proper precautions to prevent cybercriminals from exploiting vulnerabilities.
Microsoft Exchange Server Cyber Attack
Microsoft was victim to a cyber-attack targeting zero-day vulnerabilities, which has been linked back to Hafnium, a state-sponsored threat group from China.
The bad actors used the vulnerabilities in Microsoft Exchange to install malware and access email accounts. The attacks began to appear as early as January of 2021. Although it is not connected to the SolarWinds attack, it has still affected more than 30,000 organizations in the US alone. The attack didn’t become global until February 26-27, 2021.
Microsoft released security updates to patch the vulnerabilities on March 2, 2021. However, Microsoft saw more attacks on March 5-8, 2021, which may have affected around 250,000 organizations. Additionally, the Microsoft Defender Antivirus was released on March 18, 2021, to mitigate Exchange vulnerabilities automatically.
What can we learn from this attack?
The lesson from this attack again involves the importance of immunizing your software from both known and unknown vulnerabilities. Many of the most commonly targeted vulnerabilities go after memory weaknesses in code. If we can render inert in one fell swoop all exploits that target memory vulnerabilities, we can elevate everybody’s security posture.
Let’s look at the other four largest cyberattacks in the past year to learn what could have been done to prevent or reduce the time spent resolving the issues.