Over 30,000 entities, including local governments, small businesses, defense contractors, and education institutions, have been breached because of unpatched exploits in Microsoft Exchange, reported journalist and investigative reporter Brian Krebs on his blog, KrebsOnSecurity.
“In each incident, the intruders have left behind a ‘web shell,’ an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. The web shell gives the attackers administrative access to the victim’s computer servers,” Krebs wrote.
According to Microsoft, the attack was orchestrated by notorious Chinese hacking group Hafnium, and they started on January 6th, the day when rioters stormed the United States Capitol in a violent attack against the 117th United States Congress.
Microsoft released emergency security updates to patch the vulnerabilities on March 2nd, which means that the attackers had nearly two months to infiltrate vulnerable systems. The tech giant has been working closely with the U.S. Cybersecurity & Infrastructure Security Agency (CISA), as well as other public and private organizations, to secure all unpatched servers running Exchange Server 2013, 2016, or 2019 (Exchange Online hasn’t been affected).
“The best protection is to apply updates as soon as possible across all impacted systems,” said Microsoft spokesperson in a written statement. “We continue to help customers by providing additional investigation and mitigation guidance. Impacted customers should contact our support teams for additional help and resources.”
While most known victims of the attacks were located in the United States, breaches related to the Microsoft Exchange vulnerabilities were also detected on the other side of the Atlantic. For example, the Prague municipality and the Czech Ministry for Labor and Social Affairs were forced to shut down some of their systems and install emergency patches. No data was stolen during the attack, said Czech government officials.
Attacks like this one highlight the importance of timely patching and modern intrusion detection tools, which are able to detect unusual activity while it’s still time to act.
Stripe Enters The Middle East With Its UAE Launch
Stripe will initially only be available to UAE businesses, allowing them to accept online payments, make payouts, mitigate fraud, and attract customers from around the world.
Stripe, a provider of online payment processing for internet business, has finally expanded to the Middle East with its official launch in the United Arab Emirates. The Irish-American company also opened an office in Dubai Internet City, allowing it to be closer to its new customer base.
At first, Stripe will only be available to UAE businesses, allowing them to accept online payments, make payouts, mitigate fraud, and attract customers from around the world.
“The UAE is a thriving hub for technology, supported by strong investor appetite, internet-savvy consumers, and an open, innovative ecosystem of business leaders and entrepreneurs,” said Matt Henderson, EMEA Business Lead at Stripe. “Our launch today also means we can now connect our global user base to the Gulf, enabling them to seamlessly expand their operations in the region.”
Stripe’s entry into the Middle East market comes just weeks after its latest round of funding, which has resulted in the company’s value jumping up to $95 billion and making it one of the most valuable fintech companies in the world.
The UAE is the perfect entry point for the online payment processing provider because the total value of digital payment transactions in the gulf country has doubled in the last two years alone, reaching $18.5 billion in 2020. If the UAE remains on the current growth trajectory, its e-commerce sector is expected to add nearly another $10 billion over the next two years.
Another factor that makes the UAE such an ideal expansion point is the fact that accepting online payments in the country has historically been incredibly challenging. Stripe provides a straightforward setup process and developer-friendly APIs, making it easy for companies of all sizes to improve their online presence.
Last year, Stripe launched in the Czech Republic, Hungary, Romania, Bulgaria, Cyprus, and Malta. The company also expanded into Africa via Nigeria technology startup Paystack. In total, Stripe currently processes hundreds of billions of dollars each year.