Estimates put the number of servers compromised by the attack in the hundreds of thousands globally.
A sophisticated attack on Microsoft’s Exchange Server, an enterprise email server built by the software giant, has become a worldwide cybersecurity crisis, as hackers race to infect as many victims as possible before companies can patch and secure their computer systems.
But the patch isn’t enough.
Microsoft was made aware of initial attacks exploiting previously unknown vulnerabilities in Exchange Server in early January, two months before issuing patches. The biggest concern here is that the vulnerabilities were being exploited prior to the patches being available.
Roughly one in five vulnerable servers is estimated to have been compromised before the patch was released.
If a server was compromised before the patch was applied, deploying the patch will not remove any malware, backdoors, or footholds the attackers already installed. Nor does the patch block access to those backdoors: a web shell dropped into a directory the server already serves is an ordinary file, unrelated to the vulnerability that was used to put it there, and it keeps working after that vulnerability is closed.
Furthermore, installing the patches will not let you know if you’ve already been compromised.
Once the vulnerabilities became public, other state-sponsored and cyber-criminal hacking groups began targeting Microsoft Exchange servers that had yet to be patched.
On March 10th, 2021, a proof-of-concept exploit for the Exchange Server vulnerabilities was published, giving other cybercriminal groups instructions for exploiting them. The same day, ESET Research announced that it had identified ten APT groups actively attacking Exchange servers with the technique.
If you DID NOT apply the patch immediately, assume the server is compromised until you have checked it.
About 45% of the vulnerable systems had been patched over the past week, a National Security Council spokesperson said. There are now fewer than 10,000 vulnerable systems remaining in the U.S., down from at least 120,000 at the start.
Here’s a brief timeline leading up to the mass-hack earlier this month, when hundreds of thousands of Microsoft Exchange Server systems got compromised.
Teknologize CTO, Dan Morgan, discusses the severity of the Exchange Hack.
Microsoft said Hafnium used the four newly discovered security vulnerabilities to break into Exchange email servers running on company networks, allowing attackers to steal data from a victim’s organization, such as email accounts and address books.
What makes this particular hacking campaign so damaging is not only how easily the flaws can be exploited, but also how many victims there are and how widespread they are. And what we are seeing now is that attackers are using those backdoors to infect systems with new variants of ransomware.
Security experts say the hackers automated their attacks by scanning the internet for vulnerable servers, hitting a broad range of targets and industries. Law firms, defense contractors, infectious disease researchers, schools, religious institutions, and local governments are among the victims running vulnerable Exchange email servers and caught up in the Hafnium attacks.
Larger well-resourced organizations have tools and resources to immediately check if their systems were compromised, preventing further infections of malware and ransomware.
But smaller businesses may have a harder time acting quickly on their own. Patching the flaws is just one part of the recovery effort. Cleaning up after the hackers will be the most challenging part for smaller businesses that lack in-house cybersecurity expertise.
Microsoft has urged IT administrators and customers to apply the security fixes immediately.
Additionally, in an alert published by the US Cybersecurity and Infrastructure Security Agency (CISA), administrators were pointed to a script Microsoft has published on GitHub that checks the security status of Exchange servers. The script has been updated to include indicators of compromise (IOCs) linked to the four zero-day vulnerabilities found in Microsoft Exchange Server.
On March 15th, Microsoft released a one-click tool as a temporary solution for IT admins who still need to apply security patches to protect their Exchange servers. The Microsoft Exchange On-Premises Mitigation Tool, available on GitHub, is currently "the most effective way to help quickly protect and mitigate your Exchange Servers prior to patching," according to Microsoft.
On March 18th, Microsoft added automatic on-premises Exchange Server mitigation to Microsoft Defender Antivirus software. Microsoft is also offering commercial customers using on-premise Exchange Server a 90-day trial of Microsoft Defender for Endpoint.
Systems administrators also need to keep servers updated and examine them carefully on an ongoing basis, because hackers can have access to a device for months or years before someone notices.
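What does "examine them carefully" mean in practice? The PowerShell below is an added illustration for this post. It is not Microsoft's Test-ProxyLogon.ps1 and not code from Teknologize. It does three things the patch itself does not: it records the installed Exchange build, lists recently written script files in the directories Exchange serves to the internet (where the web shells in this campaign were dropped), and searches the HttpProxy logs for the "ServerInfo~" request indicator from Microsoft's published Hafnium guidance. It assumes it is run as an administrator on the Exchange server itself, that the ExchangeInstallPath environment variable is set (Exchange setup defines it), and that the HttpProxy logs are CSV files with DateTime, ClientIpAddress, UrlStem and AnchorMailbox columns.

```powershell
<#
  Added illustration, not Microsoft's Test-ProxyLogon.ps1 and not code from
  the original post. Run in an elevated PowerShell on the Exchange server.
  Assumes: $env:ExchangeInstallPath is defined (Exchange setup sets it) and
  the HttpProxy logs are CSV files with DateTime, ClientIpAddress, UrlStem
  and AnchorMailbox columns. The 'ServerInfo~' indicator comes from
  Microsoft's published Hafnium guidance.
#>
param(
    # Report only files and log entries written after this date (default: 60 days ago).
    [datetime]$Since = (Get-Date).AddDays(-60)
)

$exRoot = $env:ExchangeInstallPath
if (-not $exRoot) {
    throw "ExchangeInstallPath is not set; run this script on an Exchange server."
}

# 1. Installed build. Patching does not evict an attacker who is already in,
#    but an unpatched build means the original door is still open. Compare the
#    version against the fixed build numbers Microsoft published for your CU.
$build = (Get-Command ExSetup.exe -ErrorAction Stop).FileVersionInfo.FileVersion
Write-Host "Exchange build: $build"

# 2. Web shells. The backdoors seen in this campaign were .aspx files dropped
#    into directories IIS already serves. The patch leaves such files where
#    they are, so list script files written since $Since and review each one
#    against what you expect to find there.
$webDirs = @(
    (Join-Path $env:SystemDrive 'inetpub\wwwroot\aspnet_client'),
    (Join-Path $exRoot 'FrontEnd\HttpProxy\owa\auth'),
    (Join-Path $exRoot 'FrontEnd\HttpProxy\ecp\auth')
)
$suspectFiles = foreach ($dir in $webDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -Recurse -File -Include *.aspx, *.ashx, *.asmx |
            Where-Object { $_.LastWriteTime -ge $Since }
    }
}
if ($suspectFiles) {
    Write-Host "Script files written since $Since in web-served directories:"
    $suspectFiles | Select-Object FullName, LastWriteTime, Length | Format-Table -AutoSize
} else {
    Write-Host "No script files written since $Since in the checked web directories."
}

# 3. Exploitation attempts in the HttpProxy logs. Microsoft's guidance flags
#    requests whose AnchorMailbox value begins with 'ServerInfo~'. Log files
#    older than $Since are skipped only to keep the run short; widen the
#    window if the server has been exposed for longer.
$logDir = Join-Path $exRoot 'Logging\HttpProxy'
$hits = Get-ChildItem -Path $logDir -Recurse -File -Filter *.log -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $Since } |
    ForEach-Object {
        $logFile = $_.FullName
        Import-Csv -Path $logFile |
            Where-Object { $_.AnchorMailbox -like 'ServerInfo~*' } |
            Select-Object @{ n = 'LogFile'; e = { $logFile } },
                          DateTime, ClientIpAddress, UrlStem, AnchorMailbox
    }
if ($hits) {
    Write-Host "HttpProxy requests matching the ServerInfo~ indicator:"
    $hits | Format-Table -AutoSize
} else {
    Write-Host "No ServerInfo~ requests found in HttpProxy logs written since $Since."
}

# Do not delete anything this script lists. A hit means an incident response
# process starts: preserve the files and logs as evidence before remediating.
```

Treat Microsoft's own script as the authoritative check and this one as a reading aid for what that script is looking for. Anything it lists is evidence, so copy it off the server before any cleanup, and remember that an empty result for a 60-day window says nothing about a foothold planted earlier.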
One takeaway from the Exchange Server attack is that NO ONE is safe from a hack.
The breach comes at a difficult time for many IT administrators, following last year's Russian-linked hack, which leveraged SolarWinds software to spread malware across 18,000 government and private computer networks. These hacks are only a few months apart, and some organizations whose response to the SolarWinds compromise is still ongoing now also have to respond to the Exchange vulnerabilities.
"SolarWinds was bad. But the mass hacking going on here is literally the largest hack I've seen in my fifteen years," said David Kennedy, CEO of cybersecurity firm TrustedSec. "In this specific case, there was zero rhyme or reason for who they were hacking. It was literally hack everybody you can in this short time window and cause as much pandemonium and mayhem as possible.”
If you’re looking for IT services in the Tri-Cities or Yakima, Washington or Bend, Oregon areas, or concerned about the Exchange attack, give us a call at 541.848.6072 in Oregon or 509-396-6640 in Washington.