Microsoft email users told to act after hack
New Zealanders are being warned to act swiftly after a massive email hack that is being blamed on China.
Microsoft said its email exchange software had been infiltrated in a state-sponsored attack which the United States is now calling an ‘‘active threat’’.
There are fears hundreds of thousands of public and private sector organisations worldwide have been compromised, allowing hackers to download emails. Auckland University of Technology computer science professor Dave Parry said the hackers could steal valuable intellectual property or use information to blackmail people.
‘‘It is extremely concerning, the ones that have been attacked really have been completely open, so the attackers could have taken whatever emails they like from these exchange servers – and looked at calendar appointments, all sorts of other things.’’
Parry said people should download a fix immediately – although this would only work if servers were not already compromised. Parry said people should also run a security check to find and delete any malicious software installed. It appeared only those who ran their own exchange servers were being affected, rather than those using cloudbased Microsoft email.
Parry said central government likely had good hacking protection so possibly would not have been compromised but local councils, district health boards and medium scale businesses could all have been affected. He said the hack was a reminder of how insecure email could be.
The minister responsible for the GCSB, Andrew Little, said the National Cyber Security Centre had been working with its customers to pass on mitigation advice developed by Microsoft.
He said it was a reminder to have automatic updates turned on – something home users generally do. ‘‘The public service is aware of and appropriately managing the risks to its own networks.’’ – RNZ