The European Banking Authority (EBA) has confirmed it is another victim on the list of organisations affected by vulnerabilities in Microsoft Exchange.
The EBA hurriedly pulled its email servers offline over the weekend as it realised that it was among the ranks of those hit by flaws in Microsoft Exchange being targeted by miscreants.
While worries about personal data held in emails were a factor in the move, by Monday the authority was feeling confident that the data leaks stopped with its email servers and that no additional information extraction had occurred.
The European Banking Authority HQ (left) at the Europlaza tower in Avenue André Prothin, Paris
It took until today before the authority restored its email communication services and confirmed that the threat had been removed. “Data has not been compromised,” it said.
The authority continued: “The analysis was carried out by the EBA in close collaboration with the Computer Emergency Response Team (CERT-EU) for the EU institutions, agencies and bodies, the EBA’s ICT providers, a team of forensic experts and other relevant entities.”
The Paris-based EBA is charged with conducting stress tests on banks in the European financial system and hunting for flaws. The latter, however, refers to flaws in how banking structure operates, rather than what might be lurking within Microsoft’s popular on-premises email server.
The torture garden of Microsoft Exchange: Grant us the serenity to accept what they cannot EOL
As for the software backdoors themselves, there is every chance they could have been present for a while. Security researcher Brian Krebs recently published a timeline for the vulnerabilities (and their exploitation) that went back to early January this year.
Still, the EBA, housed in its new French home after departing London as a result of Brexit, is hardly alone. John Hultquist, analysis veep at Mandiant Threat Intelligence, said: “Broad exploitation of the Microsoft Exchange vulnerabilities has already begun.”
He added: “The cyber espionage operators who have had access to this exploit for some time aren’t likely to be interested in the vast majority of the small and medium organisations.
“Though they appear to be exploiting organisations in masses, this effort could allow them to select targets of the greatest intelligence value.”
The EBA’s woes are further evidence of the widespread nature of this attack and there was a distinct whiff of barn door and bolted horse as it sought to reassure anyone potentially affected that “the confidentiality of the EBA systems and data has not been compromised.”
“Besides re-securing its email system, the EBA remains in heightened security alert and will continue monitoring the situation,” it added. ®