Kiwis warned to act after massive Microsoft email hack
New Zealanders are being warned to act swiftly after a massive email hack that is being blamed on China.
Microsoft said its email exchange software has been infiltrated in a state-sponsored attack which the White House is now calling an “active threat”.
There are fears hundreds of thousands of public and private sector organisations worldwide have been compromised, allowing hackers to download emails.
AUT computer science Professor Dave Parry said hackers could steal valuable intellectual property or use information to blackmail people. “It is extremely concerning, the ones that have been attacked really have been completely open, so the attackers could have taken whatever emails they like from these exchange servers — and looked at calendar appointments.”
Parry said people should download a fix immediately — although this will only work if servers were not already compromised.
He said people should also run a security check to find and delete any malicious software installed.
Parry said it appeared only those who run their own exchange servers were being affected, rather than those using cloud-based Microsoft email.
He said central government likely has good hacking protection so possibly will not have been compromised, but local councils, DHBs and medium-scale businesses could all have been affected.
Andrew Cushen from InternetNZ said it was a large, widespread attack on tools that are commonly in New Zealand and around the world.
He said people should contact their IT specialists or go to the website of CertNZ, New Zealand’s cyber security agency, for more information.
Michael Shearer, CertNZ’s principal adviser for threats and vulnerabilities, said he wouldn’t comment on which New Zealand firms have been affected.
The minister responsible for the GCSB, Andrew Little, said the National Cyber Security Centre had been working with its customers to pass on mitigation advice developed by Microsoft.