Criminal hackers are currently exploiting a zero-day vulnerability in Microsoft’s SharePoint. They are focused especially on targeting U.S. federal and state agencies, universities, and companies in the energy sector. On Sunday, The Washington Post reported a stunning statistic and focused attention on the rising peril posed by a newly discovered bug in Microsoft’s enterprise information management product.
Lorenzo Franceschi-Bicchierai has been leading the charge in covering this hack with his fellow TechCrunch colleagues. As their reporting explains, the vulnerability now signifies the cultural capital our communities have lost. This problem has left between 9,000 and 10,000 SharePoint instances exposed on the internet. Well known for his reporting on hacking, cybersecurity, surveillance, and privacy, Franceschi-Bicchierai is just the journalist to tackle the intricacies of this growing threat.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert about actors exploiting this vulnerability. The federal agency’s warning highlights the need for all organizations to evaluate their SharePoint deployments and take the necessary steps to secure them.
Silas Cutler, the principal researcher at Censys, an organization that tracks hacking activities on the internet, gave us a glimpse into the current reality. He noted that the first use of this vulnerability was probably aimed at a very limited set of targets. With each new bad actor that learns the exploit, the chance of a broader breach increases.
“This is a fairly rapidly evolving case. Initial exploitation of this vulnerability was likely fairly limited in terms of targeting, but as more attackers learn to replicate exploitation, we will likely see breaches as a result of this incident,” – Silas Cutler.
Cutler further elaborated on the initial targeting patterns, stating, “It looks like initial exploitation was against a narrow set of targets.” This is a troubling observation considering how quickly bad actors adapt to find and exploit software vulnerabilities as they are discovered.
For general tips and secure communications, you can reach Franceschi-Bicchierai on Signal at +1 917 257 1382. Alternatively, you can contact him on Keybase or Telegram using @lorenzofb. For press inquiries about the incident or related topics, Lorenzo can be reached via email at lorenzo@techcrunch.com.