If you use Microsoft Exchange, chances are you’ve heard quite a bit of chatter recently about a widespread cybersecurity attack that exploits four critical vulnerabilities.
Some cybersecurity experts are saying the scope of the attack is unprecedented. Indeed, across the globe, tens of thousands of organizations had their email servers compromised in attacks targeting Microsoft Exchange.
Microsoft attributed the campaign to a state-sponsored advanced persistent threat (APT) hacking group working out of China, called Hafnium. Once Hafnium exposed the vulnerability, many other groups followed suit and began exploiting it as well. Such volume and persistence have resulted in organizations, regardless of size and industry, experiencing potentially serious negative consequences to their privacy and networks.
Microsoft released critical updates to secure Microsoft Exchange Servers against the four vulnerabilities in early March and urged organizations to apply them immediately to prevent cyberattacks on their email servers.
However, because companies are not aware of the attack, or do not have the ability to apply the updates quickly, hackers are still taking advantage of the vulnerabilities and gaining access to servers.
So, how did the attack occur and what are its ramifications, specifically for businesses using Microsoft Exchange?
To find out, we spoke with Fred Cobb, Executive Vice President and Chief Information Security Officer at InfoSystems.
“The Microsoft Exchange Server attack has drawn a line in the sand,” Cobb said. “And businesses need to determine if they truly need on-premise servers anymore. In addition to these vulnerabilities, on-premise servers require constant upkeep, maintenance, and expertise, and a lot of times companies just don’t have the manpower or bandwidth to handle it properly.”
Companies can always move to the cloud, Cobb said, to reduce oversight and the risk of further vulnerabilities, but in terms of the Hafnium attack, and what businesses need to be aware of now, it’s a matter of awareness, planning, and protection.
“The information coming out earlier this month was spotty,” Cobb said. “And even the most nimble companies weren’t sure what to do. The attackers detected more vulnerabilities before Microsoft issued the first patch, so when one hole was plugged another started leaking. Meanwhile, other groups joined the attack, which is why it’s propagated so quickly across the globe.”
Hackers are racing to compromise as many victims as possible before Microsoft can fix all the problems, which is a reality companies need to accept.
“If you use Microsoft Exchange, you should consider yourself hacked,” Cobb said. “We were two for two in our preliminary tests here in Chattanooga, meaning that two of the two companies we tested had in fact been attacked. But they were not aware of it.”
This is why it’s so important to stay current on cybersecurity attacks and to know where your organization is vulnerable. Cobb explained, “If we operate from the assumption that we’ve been hacked, and, at a basic level, understand how the attacks take place, we become aware and can start making a plan.”
“These attacks allow for forged login attempts to occur through HTTP. Once the hackers gain access, they can take over your entire environment. They can scan email, address books – any number of things that can potentially harm your organization. Without the appropriate cybersecurity tools active, the attack is silent. You wouldn’t know you’d been compromised. By that point, the attackers can stay in your environment. They’ve taken contacts from your address book and targeted them. It’s a spider mentality that lets it spread further and further.”
That means the likelihood of ransomware attacks increases. As a result, to avoid falling victim to cyber attackers exploiting the vulnerabilities, organizations must take action and apply the critical updates now. The longer the patches go unapplied, the more time cyber criminals have to exploit the vulnerabilities as part of an attack.
Even if organizations have already applied the relevant security updates, Cobb said, “there’s no guarantee they were not compromised by malicious hackers before the patches were applied,” which makes it all the more urgent to analyze your network for signs that cyber criminals have accessed it.
Cobb acknowledges that many of us rely on Microsoft products to conduct business, and we should feel confident about using their products. But rather than place the blame on them, it’s important for SMBs to understand that attacks are part of the digital landscape. As long as technology drives business, hackers are going to seek ways to exploit it. To offset that dynamic, focus instead on working with a cybersecurity partner to help you assess your vulnerabilities, monitor activity on your network, and implement remediation in the case of an attack.
“In this case, nothing could have been done to thwart the attack. But if you have a cybersecurity partner, they can see when malicious activity strikes, and will know what to do to fix the problem,” Cobb said.
“InfoSystems can help you make the right choice as it relates to your needs. Remember, highly intelligent, capable people like to pick on Microsoft and exploit weaknesses. Which is why businesses need a layer of security that keeps their data safe, and experts to guide them when an attack like this one takes place.”