The internal teams of the capital market supervisor mention that “the incident would be limited to the Microsoft Exchange platform.”
The Commission for the Financial Market (CMF) reported through a press release more information on its computer incident after being affected by “vulnerabilities in the Microsoft Exchange email platform.”
The regulatory entity chaired by Joaquín Cortez indicated that “the analyzes carried out by the information security and technology area of the CMF, together with external specialized support, so far they dismiss the presence of ramsonware and indicate that the incident would be limited to the Microsoft Exchange platform. “
This means that there would be no data hijacking of the organism, which is achieved through a malicious program that limits access to certain parts of the information stored in infected files.
The CMF supervises and regulates the securities, insurance and banking markets, covering more than 7,900 supervised entities. The companies within the regulatory perimeter of the CMF have assets of US $ 547 billion, equivalent to 2.1 times Chile’s GDP.
The capital market supervisor also reported that once the vulnerability was detected, it contacted the operational continuity group of the Financial Stability Council – which is made up of the Ministry of Finance, the Central Bank and the Superintendency of Pensions – as well as with the CSIRT of the Ministry of the Interior.
The CMF assured that “the investigation of the incident continues.”
The incident with the CMF’s Microsoft Exchange platform is known after security researchers detected a new strain of ransomware that takes advantage of a failure in Microsoft Exchange servers that were alerted to the market days ago.
In fact, in the United States the FBI and the Department of Homeland Security alerted last week about the vulnerability of the Exchange server and said that this flaw “could exploit these vulnerabilities to compromise networks, steal information, encrypt data to request a ransom or even execute a destructive attack. “
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has been pushing for patches to be applied to networks from both the US government and the private sector.
This hack is believed to have affected at least 30,000 Microsoft email servers.
It should be remembered that on December 10, the CMF signed a contract with Entel to provide computer services. Within the contract for which the entity paid about $ 25 million, the objective was to strengthen emails.
The agency’s technical teams recommended Cortez to make a direct deal with Entel to provide these services “in order to ensure the operational continuity of the CMF and to mitigate the risks involved in a project of these characteristics, bearing in mind that Entel already manages part of the platform that this entity has “.
The CMF was not available to provide more details on the requirements of this medium.
<!–