The Australian Cyber Security Centre (ACSC) is urging Australian organisations to apply patches to Microsoft Exchange deployments immediately after finding a "large number" are vulnerable to cyber attack.
In an updated high alert advisory on Wednesday afternoon, the ACSC said it had “identified extensive targeting and has confirmed compromises” of Australian organisations still running unpatched versions of Microsoft Exchange.
“The ACSC has identified a large number of Australian organisations are yet to patch vulnerable versions of Microsoft Exchange, leaving them vulnerable to compromise,” it said.
“The ACSC urges these organisations to do so urgently.”
Last week Microsoft rolled out fixes for four zero-day vulnerabilities in Microsoft Exchange Server that it says have been actively exploited.
The vulnerabilities had gone unnoticed for nearly 10 years and it took Microsoft nearly two months to issue patches after being first notified of the security flaws in January.
Some people have estimated over 100,000 servers worldwide around could be affected by the vulnerabilities, leaving them open to vicious attacks like ransomware.
This week, the Australian Financial Review estimated the number of vulnerable Australian servers was around 7,000.
Assistant Defence Minister, Andrew Hastie MP, said Australian organisations ought to be aware of the risks associated with this attack vector.
“Australian organisations cannot be complacent when it comes to cyber security, which is why all users of Microsoft Exchange are being urged to patch their vulnerable systems,” he said in a statement.
“If organisations are unable to quickly deploy these patches, they should consider preventing internet access to the Exchange web server.”
Microsoft has detailed instructions on how to detect compromised machines and the ACSC has guidance for mitigating web shell attacks.
The ACSC’s updated alert status came on the same day as the government’s Cyber Security Industry Advisory Committee released its first report, focusing on the threat of ransomware.
Complete with responses from Toll Group GM Thomas Knudsen about the logistics company’s poor run with cyber attacks last year, the report calls for better cyber hygiene across the country and greater diligence from company directors.
Telstra CEO and committee chair, Andy Penn, said ransomware was one of the country’s “fastest growing threats” as our economy leans more on digital infrastructure.
“Sixty-two percent of small business have experienced a cyber security incident so being prepared and protecting your organisation and your customers is the digital equivalent of locking your front door at night,” he said.
“There are countless businesses that are attacked every day in Australia and, in some cases, those victims could have prevented or minimised the financial loss and emotional impact they faced through the use of simple cyber security controls and employee education.”
Last year, the government issued a broad warning that Australia was under cyber attack and encouraged organisations and individuals to shore up their defences.