Posted by: Heather Shy on March 12, 2021 at 8:00 am
You may have heard about the attack on Microsoft Exchange servers and wondered if you need to worry.
Unfortunately, if you have an on-premise (non-cloud) server running Microsoft Exchange, your network is at risk. You must install the patch Microsoft released last week as soon as possible.
Why? A press release from the Michigan State Police sums it up well: “The vulnerabilities allow a remote attacker to access vulnerable email servers, the emails stored on them, allow for the installation of additional malware, harvest passwords and facilitate long-term access to victim environments.”
What this means is that hackers can not only steal information from your emails, but can also install malicious “back doors” that allow them to swipe your passwords, change protective controls, and gain even more control over your computer network and data.
What is a Vulnerability?
“Vulnerabilities” are subtle software flaws that pop up from time to time. Generally, researchers find these flaws and the developer creates a security patch in time to prevent major disruption. This Exchange Server flaw differs in that hackers quickly jumped on it and are using it to steal information.
Hackers started attacking Microsoft Exchange in January, but attacks escalated quickly in late February. In fact, former director of the U.S. Cybersecurity and Infrastructure Agency, Christopher Krebs, believes that Exchange users should assume they were attacked sometime between February 26 and March 3, 2021.
While much attention has focused on a Chinese government-sponsored group called Hafnium, multiple groups are using this attack to steal critical business and personal data.
Are Small Businesses at Risk from the Microsoft Exchange Server Attack?
Yes. Never assume your business is too small to be attacked.
For this attack, experts estimate 30,000 to 60,000 businesses and organizations have been affected already. Some of these are small networks, such as local governments and credit unions.
Keep in mind, however, if you are using Microsoft Exchange in the cloud (such as with Microsoft 365), then you should not be at risk. This time. The sad fact is that attacks like this can come up at any point. That’s why it’s critical to run security patches upon release.
What Should I Do About the Microsoft Exchange Server Attack?
If you are running Microsoft Exchange via an on-premise (non-cloud) server, you must install the security patch immediately.
In addition, consult with a trusted IT partner. They can check for specific files that show your network has been compromised.
You may also wish to consider moving your email to the cloud as soon as possible.
Also, consider higher-level security protections, such as next-generation antivirus (NGAV) and endpoint detection and response (EDR). If your business is in finance or handles government contracts, these are increasingly important for data protection as well as industry and governmental security compliance.
The Michigan Cyber Command Center (MC3) requests that anyone with evidence of a compromise related to this or other malware activity report it at 877‑MI‑CYBER or to the FBI’s Internet Crime Complaint Center at www.ic3.gov.