By James Pearson
LONDON, July 22 (Reuters)
Microsoft seems to be facing some challenges related to cybersecurity, and it has turned out to be quite a big issue. They are working and have been working on fixing the issues; however, it looks like there have been more talks and criticism because the well-known SharePoint software was actively exploited by hackers in recent weeks. What seemed to have been a shield to stop the attacks did not work, and this placed the software at risk and more vulnerable. Because of that, people are now questioning Microsoft, despite the tech giant’s prompt emergency patch release.
Microsoft is at risk and they assume that China is involved
A security patch released by Microsoft MSFT.O last month failed to fully fix a critical flaw in the U.S. tech giant’s SharePoint server software that had been identified in May, opening the door to a sweeping global cyber espionage operation. It remains unclear who is behind the ongoing operation, which targeted around 100 organisations over the weekend.
But Alphabet’s GOOGL.O Google, which has visibility into wide swathes of internet traffic, said it tied at least some of the hacks to a “China-nexus threat actor.” The Chinese Embassy in Washington did not respond to a Reuters request for comment. Chinese government-linked operatives are regularly implicated in cyberattacks, but Beijing routinely denies carrying out hacking operations.
Microsoft subsequently said in a July 8 security update that it had identified the bug, listed it as a critical vulnerability, and released patches to fix it. Around 10 days later, however, cybersecurity firms started to notice an influx of malicious online activity targeting the same software the bug sought to exploit: SharePoint servers.
Right now, nothing can be said until there is assurance of the matter
When contacted, Microsoft was not immediately able to provide a comment on the patch and its effectiveness. The vulnerability that facilitated the attack was first identified in May at a hacking competition in Berlin organised by cybersecurity firm Trend Micro 4704.T, which offered cash bounties for the discovery of computer bugs in popular software.
It offered a $100,000 prize for “zero day” exploits – so-called because they leverage previously undisclosed digital weaknesses – that could be used against SharePoint, Microsoft’s flagship document management and collaboration platform. A researcher working for the cybersecurity arm of Viettel, a telecommunications firm operated by Vietnam’s military, identified a SharePoint bug at the event and dubbed it ‘ToolShell.’
Sensitive information and data are shared via SharePoint; hence, the commotion
SharePoint is software used on a global scale mostly by organisations, companies, government and more in partnering with projects, sharing information and so forth. Therefore, you can imagine the sensitive information the software carries. We are talking of sensitive documents, passwords and data that can expose organisations or make their confidential information leak.
Attackers quickly targeted a vulnerability known as CVE-2024-38080 that security experts had found earlier this year. Meaning, SharePoint is under attack, and Microsoft is getting backlash because it is now looking like they do not know how to be secure or do not have enough secure code to protect their clients’ information. British cybersecurity firm Sophos said in a blog post,
“Threat actors subsequently developed exploits that appear to bypass these patches.”
The pool of potential ToolShell targets remains vast. According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers. The Shadowserver Foundation, which scans the internet for potential digital vulnerabilities, put the number at a little more than 9,000, while cautioning that the figure was a minimum. Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.