ACSC running scans to find vulnerable Microsoft Exchange servers in Australia
Head of the Australian Cyber Security Centre (ACSC) Abigail Bradshaw has told senators “10s of organisations” have so far reached out to her agency regarding vulnerable Microsoft Exchange servers.
“We have had feedback from 10s of organisations who have spotted the indicators of compromise and whom we’ve assisted,” Bradshaw said. “The fact that people are engaging us on the basis that they’ve identified indicators of compromise is evidence both of the fact that they’ve seen the advice because they’ve run the specific scripts, but also an understanding that they understand and are able to spot for themselves where there are vulnerabilities on their systems.”
Bradshaw’s remarks were in response to senators raising concerns on Wednesday night that around 7,000 servers in Australia were vulnerable to the threat, with 11,000 Australian IPs found as potentially vulnerable.
“We have also used what we call part of our cyber hygiene improvement program, which has been funded under the Cyber Enhanced Situational Awareness and Response funding, which gives the ACSC capacity to run scans on externally facing internet connections, which has assisted us to observe the number of systems that still require patching, which means that we have some familiarity with the numbers of servers that were identified,” Bradshaw explained.
She said the ACSC has been monitoring those flagged as vulnerable “extraordinarily closely” by running constant scans. She said the ACSC has observed a “very substantial degree of patching”.
“And as a consequence, many, many fewer servers, which remain vulnerable since that date,” she said.
The ACSC has also engaged directly with managing director of Microsoft Australia Steven Worrall, Bradshaw said, in regards to the results of its scanning.
“[We] engage them on how we can assist them to get to any residual Microsoft customers who might be running that particular server,” she added.
Director-General of the Australian Signals Directorate (ASD) Rachel Noble said her organisation was first made aware of the Microsoft Exchange issue on March 3, resulting in the ACSC sending out an email blast to its 63,500 subscribers.
The ACSC also wrote directly to 100 of its Commonwealth government CISOs and an additional 50 in state and territory governments.