

The Jersey Cyber Security Centre is urging Island organisations to avoid using unsupported or unpatched systems after a serious cyber security weakness affected several local businesses and compromised 396 systems around the world.
The vulnerability affects users of certain self-hosted versions of Microsoft SharePoint – a platform for document sharing and collaboration. Known as ‘ToolShell’, it does not affect organisations using Microsoft’s cloud-based SharePoint service.
ToolShell combines two security flaws that, when exploited together, allow attackers to gain unauthorised access to an organisation’s network. Once inside, attackers can steal sensitive data or launch ransomware attacks – encrypting data and demanding a substantial payment for its release.
Several Jersey organisations were affected. The Jersey Cyber Security Centre (JCSC) identified five internet-facing unpatched SharePoint systems, alerted the relevant organisations, and advised them on next steps – including shutting down key systems in some cases.
Matt Palmer, Director of JCSC, said: “This vulnerability highlights the hidden risks many Island organisations face. While most people regularly update their phones or laptops, the core infrastructure that supports organisations also needs to be updated.
“The affected organisations we contacted were running outdated software. No one wants to pull the plug on critical services during an emergency – but that’s the risk when relying on these old systems.
“Microsoft issued a patch for ToolShell, but these patches aren’t available for older, unsupported systems. That leaves organisations more exposed and increases the impact on services and productivity.”
JCSC recommends all organisations develop a clear plan for applying security updates, and install them within 14 days of release.
Additional free and simple steps to reduce your cyber risk include:
- Using strong, unique passwords for all accounts
- Enabling Multi-Factor Authentication (MFA) for all services
- Achieving Cyber Essentials Plus certification to validate defences

Organisations managing their own servers should also isolate or disconnect any out-of-support systems that cannot be patched.
Matt Palmer added: “It’s great that organisations took prompt action in this case. However, cyber criminals are always adapting. We want to give Islanders the best possible chance of staying secure. I urge any organisation – large or small – to contact JCSC for confidential advice.”