Last week we warned Belgian companies using Microsoft Exchange Servers about a system vulnerability. Since this weekend, we know that more than 1000 Microsoft Exchange servers in Belgium are vulnerable and we are getting more and more reports of cyber incidents at organizations and companies using this mail server. It is clear that this vulnerability is being actively exploited in various ways and perhaps by multiple criminal organizations. We may be facing a tsunami of cyber attacks on organizations that are vulnerable in the coming weeks.
On 3 March, we published an advisory document with actions to be taken. On 8 March, this document was updated. We can notify some potential victims directly, but not all organizations' details are known. Therefore, we are also making a general appeal through the press.
We would encourage all organizations using a Microsoft Exchange server to take the following steps:
- Perform the updates, as described in our advisory document;
- Scan the network for suspicious movements;
- Take immediate action if it appears that an intrusion may have occurred;
- If necessary, engage an IT partner or external expert.