Microsoft Exchange Servers Hacked – Is Your Company Affected?

No doubt you have seen or heard the news about the latest hack and how serious it is. If you are in the affected group it is very serious, so pay attention.

Is Your Network Safe? 

From CyberheistNews: “On March 2, Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from Internet-facing systems running Exchange.

The Chinese hacking group thought to be responsible has seized control over “hundreds of thousands” of Microsoft Exchange email servers worldwide, at least 30,000 in America.

If you are not technical you are probably wondering… “What does it mean for me?”

Bottom Line – If you are running a MS Exchange Outlook Web Access (OWA) server exposed to the internet, assume you have been compromised between 02/26-03/03 and your system is now infected – until proven otherwise.”

 

Is My System Infected? 

It depends on whether you run an on-premises Exchange server that was reachable from the internet while the attacks were under way, and on how quickly your IT person applied the March 2 updates. Being fully patched today does not prove you were safe: the attacks began before the patches existed, so a server that was exposed during that window may already have been compromised. If your server was exposed and was patched late, or not at all, you are in the group that needs to be alarmed and needs to take action.

If you don’t know whether that is you, reach out to the technical resource that set up your email, or to a knowledgeable IT firm like CCS Technology, and ask them to review your system.

Microsoft names Exchange Server 2013, 2016 and 2019 as the affected versions, and it also shipped an update for Exchange 2010 even though that version is no longer in mainstream support. The earlier versions, 2003 and 2007, were left off. Why? Because they are safe? No, because they are officially “not supported” by Microsoft anymore, and if you are on one of those versions you have even bigger problems, because you have been ignoring advice about network security for a long while now.

If you use Microsoft Office 365 or some other hosted Exchange or email service, your mailboxes are not in the affected group. One caveat: a hybrid deployment keeps an on-premises Exchange server, and if that server is reachable from the internet it is in scope just like any other on-premises server. Either way, use this as a warning. Make sure you have implemented, or are implementing, a sound security policy! CCS Technology can help you with the design and implementation.

If you want a more in depth explanation of the hack, we suggest: https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/ 

 

If you prefer webinar content: https://info.knowbe4.com/microsoft-exchange-mass-hack-chn 

 

If You Might Be Infected 

  1. Because the attackers scanned and exploited internet-facing servers automatically and at scale, you must take the posture that you have been compromised.
  2. Patch immediately. Microsoft released updates for Exchange 2010, 2013, 2016 and 2019; download and install them NOW. If you cannot patch right away, take the server off the internet, or apply the interim mitigations Microsoft describes, until you can. See this for technical details: https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/
  3. Applying the patches WILL NOT GET RID of a BAD ACTOR if they are ALREADY IN YOUR SYSTEM. The patch closes the door; it does not evict anyone who already walked through it, and anything they left behind (such as a web shell on the server) keeps working after the update. You must take further action. The Microsoft security team has issued guidance on how to look for indicators that you have already been compromised, including what to search for in the Exchange logs. Go here: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log
  4. Obtain professional help from a technical firm that specializes in security, like CCS Technology. These exploits are gateways into your systems; bad actors use them to get farther and deeper into your network, and you may not know they are there. The security specialists will deploy tools and review your system log files for clues about what is going on.
  5. If you need help, contact us. We have years of expertise in cybersecurity and we can help.
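One way to run the log check that the Microsoft guidance in step 3 describes, as an added example that is not part of the original post and not Microsoft's own tooling: the script below parses Exchange HttpProxy logs (CSV with a header row; leading `#` comment lines are skipped) and reports requests that carry no authenticated user but an AnchorMailbox beginning with `ServerInfo~`, the pattern Microsoft published as an indicator of the exploit traffic. The column names, the sample log lines and the time window are constructed assumptions; point `scan_directory` at your server's real HttpProxy logging folder to check actual files.

```python
"""Added example: triage Exchange HttpProxy logs for one published indicator.

Assumptions (not from the original post): the logs are CSV files with a header
row, possibly preceded by '#' comment lines, and carry at least the columns
DateTime, ClientIpAddress, UrlStem, AuthenticatedUser and AnchorMailbox.
"""
import csv
import sys
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

# Constructed sample log: two normal authenticated requests and two requests
# with an empty AuthenticatedUser and a ServerInfo~ AnchorMailbox.
SAMPLE_LOG = """#Software: Microsoft Exchange Server
#Log-type: HttpProxy Logs
DateTime,RequestId,ClientIpAddress,UrlStem,AuthenticatedUser,AnchorMailbox
2021-03-01T10:15:02.110Z,1,203.0.113.10,/owa/,CORP\\alice,Sid~S-1-5-21-1000
2021-03-01T10:16:44.003Z,2,198.51.100.7,/owa/auth/x.js,,ServerInfo~localhost/autodiscover/autodiscover.xml?#
2021-03-02T23:59:10.991Z,3,198.51.100.7,/ecp/y.js,,ServerInfo~localhost/ecp/default.flt?#
2021-03-03T08:00:00.000Z,4,203.0.113.11,/mapi/emsmdb/,CORP\\bob,Sid~S-1-5-21-1001
"""


def parse_ts(value):
    """Exchange writes UTC timestamps like 2021-03-01T10:15:02.110Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def load_rows(text):
    """Skip '#' comment lines, then parse the remaining CSV using its header row."""
    lines = [ln for ln in text.splitlines() if ln.strip() and not ln.startswith("#")]
    return list(csv.DictReader(lines))


def is_suspicious(row):
    """Indicator: no authenticated user, yet an AnchorMailbox of the form
    ServerInfo~... (normal requests anchor on a user SID or a mailbox)."""
    user = (row.get("AuthenticatedUser") or "").strip()
    anchor = row.get("AnchorMailbox") or ""
    return user == "" and anchor.startswith("ServerInfo~")


def find_unauthenticated_serverinfo(text, start=None, end=None):
    """Return matching rows, optionally limited to a UTC window given as the
    same timestamp strings the log uses (start inclusive, end exclusive)."""
    lo = parse_ts(start) if start else None
    hi = parse_ts(end) if end else None
    hits = []
    for row in load_rows(text):
        if not is_suspicious(row):
            continue
        ts = parse_ts(row["DateTime"])
        if lo is not None and ts < lo:
            continue
        if hi is not None and ts >= hi:
            continue
        hits.append({"time": row["DateTime"], "source": row["ClientIpAddress"],
                     "url": row["UrlStem"], "anchor": row["AnchorMailbox"]})
    return hits


def count_by_source(hits):
    """Group hits by client IP so a single scanning host stands out."""
    return dict(Counter(h["source"] for h in hits))


def scan_directory(log_dir, start=None, end=None):
    """Walk a real HttpProxy logging directory (recursively) and pool the hits."""
    hits = []
    for path in Path(log_dir).rglob("*.log"):
        text = path.read_text(encoding="utf-8", errors="replace")
        hits.extend(find_unauthenticated_serverinfo(text, start, end))
    return hits


if __name__ == "__main__":
    # Pass a log directory to scan real files; with no argument the
    # constructed sample above is used.
    found = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else find_unauthenticated_serverinfo(SAMPLE_LOG)
    for h in found:
        print(f"{h['time']} {h['source']} {h['url']} {h['anchor']}")
    print("hits per source:", count_by_source(found))
```

A hit is not proof on its own, but it is the trigger for the deeper review in step 4: note the source addresses and times, and check the same window in the server's other logs and on disk. A clean result only covers the logs you still have; if retention is shorter than the exposure window, treat the gap as unknown, not as clean.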

 

 

If You Have NOT Been Infected 

While this hack is getting all the attention today, in reality, it is just another security flaw for cybercriminals to exploit and take over your technology assets.   

 

It’s not going to slow down. Society in general, and business in particular, keep developing more apps and adding more features to existing apps, and all of them are being connected to the internet to meet people’s desire for communication and convenience.

Apps are created by humans, and unless the author has a NASA-sized budget and timeline, the code in those apps is going to have security flaws. Every new app or feature we use increases the chance that the average person or company can be hacked.

At the same time, cybercrime is gaining sophistication. There are criminal marketplaces on the dark web where criminals can rent tooling, infrastructure, automation and even specialist skills. Then there are the massive crime syndicates that exploit human nature and the internet to make money. And let’s not forget the state-sponsored attackers. And these are only the threats that we know about. Like an iceberg, the part that we can see today is a small portion of the real threat.

Denial? 

It’s no longer a landscape where anyone can say they are not a target.   

 

Take this specific case. The flaw was found and exploited by attackers before Microsoft had a fix available. We call that a zero-day exploit. The attackers used automated scanning to find Microsoft Exchange servers exposing OWA to the internet; each server found was immediately hit with the exploit, giving the attackers a way into the system.

Once in, the attackers execute their playbook to penetrate and explore your systems further.

With this kind of automation, everyone is a target. It does not matter if you are big or small: if they can get in, they can exploit you or your data.

AND the cost of an automated attack is minimal. The real cost is the damage done to your network, and your customers finding out that your system was hacked.

 

Why Does This Happen? 

We humans are in conflict. We want the freedom, the convenience and the benefits that all this technology and the internet give us. However, there is an ever-increasing risk, and an ever-increasing cost, in implementing those benefits securely.

Do we invest in securing our networks or not?   Does the convenience of having the smart garage door opener outweigh the potential that a criminal can open the door by hacking your wireless network?   

 

There is not one answer that will fit every situation, but the time has come to think about the need to secure the infrastructure before deployment instead of after the damage is done.  If you are a leader, you’ve got to change your thinking and place security ahead of function.   

 

The bad actors only have to win once – Your cybersecurity has to win every time. 

 

History Repeats Itself 

It’s important to recognize that this has happened before.  My grandparents did not lock their house, and I don’t even think there were locks on the doors.  In my early adult years, it became normal to lock your house.  Then we had to get better locks (deadbolt) to prevent the common thief from using the credit card trick.  Now people have locks and security systems that sound an alarm when the door is breached or the window broken.   And finally, many people are adding security cameras to record the activity going on at work and at home. 

 

The cyber world is going down the same path, except that the rate of change is blazingly fast. A few years ago a firewall was considered enough to keep you safe. Now multiple layers of prevention and detection are the minimum needed to protect our networks and our data. Even with all of this, we are still fighting an uphill battle.

 

Contact our team of experts to find out if your system has been breached. 

 

Stay safe out there in the cyber world!