Cyber security firm Logicalis said that a flaw in the Microsoft Exchange Server system has been exploited and software patches designed to fix the issue were applied too late for many businesses to escape attacks.
The initial breaches began in the USA and have continued throughout the world, with government and financial services regulators, such as the European Banking Authority, among those targeted. The US government has blamed the hack on Hafnium, an organisation Microsoft claims is sponsored by the Chinese government.
Tom Bale, business development and technical director at Logicalis, said: ‘Over 170,000 sites were vulnerable to this attack. While the attack may have started as an attempt to steal information from think-tanks, higher education institutes, defence contractors, and infectious disease researchers in the USA, it has gone global.
‘Organisations in the Channel Islands using Microsoft Exchange Server for emails are vulnerable. All internet facing exchange servers should be patched if not already done so.’
It is believed that software may have been compromised as early as January, allowing hackers to steal data and launch attacks against organisations.
Jason Connolly, director at Channel Islands firm Next Generation IT, said that his staff had been ‘working through the night’ to address the issue.
‘The news that there were significant compromises in the Exchange email system meant all hands to the pump as speed is key to ensure important data stays protected,’ he said. ‘Microsoft Exchange Server is an email inbox, calendar, scheduling and collaboration platform used by many businesses across the islands.
‘I am pleased that the swift actions taken by our technical engineers and consultants in implementing patches and working with clients has meant none experienced any issues.’
