SharePoint security breach: How companies can reduce risk in the future | SecureCloud

The vulnerability in Microsoft's SharePoint could cause massive damage. Experts have been urging for years to reduce dependence on individual providers.

Who is affected and what are the risks?

What is important is: Only self-operated SharePoint servers are affected. The cloud version of SharePoint Online in Microsoft 365 has been spared. However, the effects are serious:

• Hackers have already exploited the vulnerability and have entered the servers “Dozens” of companies and authorities penetrated.
• According to the Washington Post, there were also two US federal agencies attacked.
• Eye Security experts warn that attackers Steal data and passwords Can. Even more disconcerting is the possibility to pick up digital keys, which allow them to regain access to the systems even after the gap has been closed.
• IT security firm Crowdstrike describes the gap as “significant vulnerability”.
• Even before the first patches were released, around 100 organizations compromised. Most of these compromised installations were in the USA and Germany. The early victims included a large energy company and several government institutions in Europe.
• It was estimated that before the patches became available 9,000 to 10,000 vulnerable SharePoint instances existed.

SharePoint attack: That's what Microsoft advises‍

Microsoft has strongly recommended install security updates immediatelyto fill the gap. If this is not possible, the Group advises the affected servers disconnect from the Internet. It is important to note that after the update the ASP.Net “machine keys” must be rotated, which requires you to restart Internet Information Services (IIS).

The US Federal Police FBI has started an investigation and is working closely with various authorities and companies. The Department of Defense's cyber command is also involved in coordination with Microsoft. The American IT security authority CISA has affected government agencies and companies quick action called.

Reduce risk: Experts recommend diversifying

Initial analyses, including from Google's Mandiant, suggest that at least one of the attackers could be from China. Canadian and Australian authorities have also launched investigations.

These incidents are not new: As early as 2023, Chinese hackers allegedly gained access to emails in US authorities via a Microsoft vulnerability. IT security experts have therefore been warning for years that authorities should their Reduce dependency on individual providers and should diversify their software, as Microsoft is a popular target for attackers due to its market penetration.

A complete connection to hyperscalers such as Google, Microsoft or Amazon can be convenient, but it also involves major risks.

In Europe in particular, however, there is safe alternatives in areas such as encrypted communication (e.g. Threema) or data exchange (e.g. SecureCloud). Sovereign solutions for Enterprise File Sync & Share offer both comfort and ease of use as well as highest data protection standards.

SecureCloud underpins its claim to maximum possible data protection with data centers and headquarters in Germany, certification in accordance with ISO 27001 and a BSI C5 certification.