2 min read

The Microsoft Exchange Server mega-hack - what you need to know

Graham CLULEY

March 09, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
The Microsoft Exchange Server mega-hack - what you need to know

What’s going on?
In case you’ve missed the news – hundreds of thousands of Microsoft Exchange Server systems worldwide are thought to have been compromised by hackers, who exploited zero-day vulnerabilities to steal emails.

Victims have included the European Banking Authority.

The attacks began seemingly specifically targeting organisations, but has now broadened and escalated dramatically.

As a consequence, there is a good chance that many small business, corporate, and government victims of the attack are currently unaware that they have fallen victim.

What’s a zero-day vulnerability?
“Zero-day” means that the people responsible for patching the vulnerability had zero days to do it before the flaw was exposed or exploited by malicious hackers.

In short, an official security patch has not been released – and malicious hackers may have already taken advantage of the flaw.

My business uses Microsoft Exchange – are we at risk? How do we patch?
The first thing to ask yourself is which flavour of Microsoft Exchange your company uses.

The vulnerabilities reside in the on-premises editions of Microsoft Exchange Server. It is not present in the cloud-based Exchange Online or Microsoft 365 (formerly O365) email services.

Who is behind the attacks?
In a blog post, Microsoft said that it believed a Chinese state-sponsored hacking group called “Hafnium” were behind the attacks.

China has denied any involvement.

However, the release of the security patches and the tardiness of some organisations to defend themselves has almost inevitably encouraged other hackers to also target vulnerable systems.

The US Cybersecurity and Infrastructure Security Agency (CISA) says that it is “aware of threat actors using open source tools to search for vulnerable Microsoft Exchange Servers.”

Is this any way connected to the SolarWinds attack that people started talking about a few weeks ago? That was being widely blamed on Russia.
Microsoft has said that it has seen “no evidence that the actor behind SolarWinds discovered or exploited any vulnerability in Microsoft products and services.”

So how can I fix this for my company?

Microsoft issued patches for the critical vulnerabilities in Microsoft Exchange Server last week, and recommended that vulnerable organisations apply them as a matter of urgency.

If your company is not in a position to immediately patch, then you should make yourself familiar with the alternative mitigations suggested by Microsoft, and limiting or blocking external access to internet-facing Exchange servers.

The best advice, however, is to patch as soon as possible. Anything else is a temporary solution like sticky tape.

Is there anything else we should be doing?
Yes. It’s obviously a good thing if you’ve patched your systems, but that will not undo any damage that might already have been caused if you were already compromised.

You should also attempt to identify whether your organisation has already been breached, and hackers have gained a foothold.

Microsoft has released a tool that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities.

Is there anywhere I can find out more?
I strongly recommend that you check out Microsoft’s security advisory and blog post.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Crypto Exchange Finds Location Data on Hacker, Recovers Some Stolen Funds Crypto Exchange Finds Location Data on Hacker, Recovers Some Stolen Funds
Silviu STAHIE

October 04, 2022

2 min read
German Police Arrest Three People Accused of Running Massive Phishing Campaign German Police Arrest Three People Accused of Running Massive Phishing Campaign
Silviu STAHIE

October 03, 2022

1 min read
Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths
Graham CLULEY

September 30, 2022

2 min read