Microsoft Faces Active Attacks on SharePoint, Impacting Global Businesses and Governments

Julie Anne
· · ·

Microsoft has recently raised alarms about ongoing “active attacks” targeting its popular SharePoint software, which is used by millions of businesses and government entities globally for document storage and collaboration. Security experts suggest that the breach poses a serious risk, with widespread ramifications for organizations around the world.

microsoft sharepoint
Photo via Jeenah Moon | Bloomberg | Getty Images – A Microsoft store in New York, U.S., on Friday, October 25, 2024.

Vulnerabilities Exposed in SharePoint

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Sunday, stating that a security vulnerability in SharePoint has allowed unauthorized access to sensitive systems and data. Hackers can exploit this flaw to execute code and steal valuable information, including cryptographic keys, passwords, and documents.

Microsoft acted swiftly, releasing patches for two versions of SharePoint to address the breach. However, a version from 2016 remains vulnerable, and Microsoft is currently working on a fix.

Why SharePoint Servers Are at Risk

The issue primarily affects SharePoint servers managed on-premises, not those hosted on Microsoft’s cloud platform, Microsoft 365. SharePoint is widely used by organizations to store documents and collaborate across teams, making it an attractive target for cybercriminals. The breach has already affected a broad spectrum of sectors, including government agencies, universities, and major corporations.

According to researchers from Palo Alto Networks, the vulnerability is particularly concerning because it enables hackers to maintain access even after patches are applied. This is due to the ability of the attackers to establish persistent backdoors, which allow them to bypass future security updates.

Advertisement

Scope of the Attack

Silas Cutler, a cybersecurity expert at Censys, estimates that over 10,000 companies with on-premises SharePoint servers are at risk, with the United States having the highest number of affected organizations. Other impacted countries include the UK, the Netherlands, and Canada.

Although Microsoft has patched the vulnerability for most versions, some companies remain exposed. Security experts have expressed concern that this breach could lead to large-scale data theft, ransomware attacks, and persistent cybersecurity threats.

The Wider Implications for Businesses

With SharePoint often linked to other Microsoft services such as Outlook and Teams, the vulnerability provides a gateway for further exploitation. Hackers can quickly exfiltrate sensitive data, deploy malicious software, and even hijack user accounts.

“Once inside, they’re exfiltrating sensitive data, deploying persistent backdoors, and stealing cryptographic keys,” said Michael Sikorski, CTO of Palo Alto’s Unit 42.

Advertisement

The issue comes as Microsoft continues to struggle with cybersecurity challenges. Following a series of high-profile breaches, including a 2023 attack on Exchange Online, the company has been working to strengthen its security posture. Nonetheless, experts remain critical of the company’s security practices, especially after a 2024 report indicated that Microsoft’s security culture needed significant improvement.

Ongoing Risks and Response

At this stage, it’s still unclear who is behind the attacks, though researchers suspect a coordinated group. The breach is affecting organizations worldwide, including federal and state agencies in the U.S., universities, energy companies, and multinational corporations. Microsoft has not yet commented on the specifics of the attack or the identity of the perpetrators.

Despite the ongoing threats, Microsoft’s team is working around the clock to develop and distribute additional patches to protect its clients. The company’s swift response, however, has not been enough to prevent significant damage to the organizations affected.

Will this latest cyberattack prompt stronger security measures for businesses using SharePoint? Let us know your thoughts in the comments.

More…

Advertisement

Julie Anne Loquinario

Hey, it’s Julie! Powered by coffee and cuddles from my five feline overlords, I’m always hunting down the best cafés and restos in Toronto and the GTA. When I’m not indulging in my latest food obsession, you’ll find me binge-watching shows or dreaming up my next adventure.

Read More..

Leave a Reply

Your email address will not be published. Required fields are marked *