In particular, by exploiting two of these vulnerabilities, hackers can gain deep control over the system and maintain long-term access. This creates an "ideal environment" for Advanced Persistent Threat (APT) espionage campaigns, stealing or encrypting sensitive data.
These vulnerabilities are being exploited on a large scale in many countries. At least 85 SharePoint servers have been infected with malicious web shells, affecting 29 organizations globally. Among the victims are numerous multinational corporations and government agencies, including the U.S. National Nuclear Security Agency (NNSA).
In Vietnam, SharePoint Server is used for document management in many agencies, organizations, and large technology and financial businesses. While no attacks have been reported to date, the risk of exploitation by these vulnerabilities is considered very high, especially in organizations deploying SharePoint Server on-premise without timely patching.
The attack process can originate from a point within the internal network, using sophisticated techniques that are difficult to detect. Hackers can secretly install malware on an internal workstation, from which they silently scan, expand their control, and gradually take over the entire system.
Bkav strongly recommends that system administrators urgently review and tighten internal access permissions to prevent the risk of attacks from within. For ministerial-level agencies that grant access to local units, these permissions should be immediately reviewed and limited if the system has not been patched or if thorough remediation measures have not been implemented. Patching vulnerabilities should be done as soon as possible.
Simultaneously, it is necessary to strengthen monitoring measures, limit external access, deploy web application firewalls (WAFs), monitor system access logs, and establish early warning mechanisms for any anomalies. For units without dedicated information security teams, they should proactively contact incident response centers for timely advice and support.
SharePoint Server is a document management and enterprise collaboration platform developed by Microsoft. The system allows for centralized storage, sharing, searching, and management of documents, while also supporting the creation of internal websites (Intranets), enterprise portals, and deep integration with Microsoft Office and Microsoft 365 to enhance team productivity.
Source: https://www.sggp.org.vn/tap-doan-cong-nghe-bkav-canh-bao-nguy-co-tan-cong-mang-tu-loat-lo-hong-tren-phan-mem-sharepoint-server-cua-microsoft-post805404.html
Comment (0)