Overview
- According to cybersecurity firm Eye Security, 396 on-premises SharePoint servers in 145 organizations have been compromised worldwide.
- Microsoft released an emergency patch on July 22, but many organizations have yet to install it or were infected before its deployment.
- Microsoft attributes the initial wave of intrusions to Chinese-affiliated groups Linen Typhoon, Violet Typhoon and Storm-2603.
- Criminal gangs are leveraging persistent backdoors to prepare ransomware attacks that encrypt victims’ data for extortion.
- European small and mid-sized enterprises running on-premises deployments without continuous security monitoring face heightened risk.