Warnings over IT security after latest cyber attack

This followed an attack that has been initially linked to a state-sponsored group based in China and, subsequently, to criminal groups.

Microsoft Corporation announced earlier this month that a well-organised China-based threat actor named 'Hafnium' had deployed targeted attacks against a number of US-based businesses.

In recent days, the Irish National Cyber Security Centre issued an alert to companies urging them to patch their Microsoft Exchange servers.

“It is important that organisations take urgent action regarding this issue. If an organisation has the technical capability to follow the provided guidance, they should take those relevant steps,” it said.

“If an organisation does not have the capability to follow the provided guidance, it is recommended that they seek assistance from a third-party IT security provider in order to ensure the security of their network.” 

The alert said: “Microsoft initially noted that these attacks were being exploited by a group they call Hafnium. However, we understand that a number of other threat actor groups are now scanning for vulnerable services, exploiting them and deploying web shells on victim's servers."

A web shell is a 'post-exploitation tool' that allows an attacker to maintain persistent access on a compromised web application.

Security First CEO Rory Byrne, said: “This is a bit like a burglar adding a backdoor to every house in your estate but the door they used was made of plywood and lots of other random people's keys will fit in the lock. Except your estate is everything from banks to hospitals.

“Right now the urgency of alerts from Irish and international authorities reflects the severity of this threat."

He added: "Many have attributed this reckless attack to China. What probably started as a state-level operation focused on gathering information now means criminals may be able to access, steal and ransom the data and essential services of thousands of Irish businesses.” 

He said organisations should now invest considerable resources to update their systems, remove access methods and understand the extent of any damage that may have been done.

“It is a reminder that Ireland is increasingly at risk from such threats and the glaring need to very significantly increase our skills, investment and commitment to increased cyber security," Mr Byrne said.