Exchange
Another week brings another security breach of breathtaking proportions. It turns out that since at least January 4, organisations with their own Exchange email servers have been vulnerable to external attack. That means tens of thousands of email servers around the world have been compromised, with the European Banking Authority and the Norwegian Parliament among the high-profile victims. Microsoft has pinned the blame on a state-backed group in China known as Hafnium, but at least 10 groups have been spotted trying to take advantage of the vulnerabilities.
There is consternation about the potential impact of the breach. On Wednesday, the US warned, "Successful exploitation of these vulnerabilities allows an attacker to access victims’ Exchange Servers, enabling them to gain persistent system access and control of an enterprise network.... adversaries will continue to exploit this vulnerability to compromise networks and steal information, encrypt data for ransom, or even execute a destructive attack. Adversaries may also sell access to compromised networks on the dark web".
Microsoft has issued updates to fix the vulnerabilities, including for versions of Exchange that it no longer supports, but the problem is the length of time hackers were able to exploit the issues. Veteran cybersecurity journalist Brian Krebs says many experts believe a variety of groups got wind of the vulnerabilities and were able to exploit them before they were patched. The result is a potential 'long tail', with reports that wide-scale ransomware attacks have already begun. Worse, Krebs says Microsoft was first notified about the issues in January, which raises obvious questions about the way the technology industry handles such challenges.
Anyone with an Exchange server on their own premises should obviously have patched their machines by now, but it's also vital to ensure data are backed up and that those backups aren't connected to the internet. It's also worth considering whether a cloud-based email solution would be a better way to provide email communications.