Microsoft Exchange Server Vulnerabilities

Mar 15, 2021

As business owners, we are all keenly aware of how integral technology is in every industry these days. We have heard countless times how technology helps drive innovation and growth, improves communication in the organization, and increases your advantage over the competition. Even so, new technology still has vulnerabilities. Recently, new security flaws were discovered in Microsoft Exchange Servers, which is why we are publishing this post: as a warning to anyone running Microsoft Exchange Servers.

Your Microsoft Exchange Server may be Vulnerable to Attack

We’re acutely aware of how many small businesses rely on these servers to augment their IT departments, and this means many small businesses are at risk. More than 60,000 companies and organizations have been compromised, and this is a world-wide threat. Chinese hackers have been confirmed to be attacking and exploiting vulnerabilities in on-premise servers. Pay attention to this: if you’re running Microsoft Exchange 2013, 2016, or 2019 on-site, these are the versions that were vulnerable to attack.

Attacks and Hacks

In January, Microsoft was made aware of what were labeled ‘zero-day’ bugs: flaws that are known about but have not yet been addressed. As these weak spots are uncovered, there is a high probability of attacks and breaches, which makes them highly dangerous for organizations and businesses that hold sensitive data. On March 2nd, Microsoft released updates to repair the zero-day bugs and said that there had only been a limited number of targeted attacks. Despite these fixes and patches, there is still a huge potential for attacks on individual Exchange Servers, because the threat depends on how quickly administrators become aware of the patch and install it. The number of victims grows as more and more hackers continue to target un-patched systems.

Who is behind these Hacks?

Microsoft initially reported that the zero-day vulnerabilities were exploited by Hafnium, a state-sponsored Chinese APT group. The group carried out the hacks by using the zero-day vulnerabilities to gain access to Exchange servers. As a result, the hackers can access email accounts and install malware, and these attacks create long-term access for future breaches.

Hafnium has a reputation for targeting US entities in different sectors. Its targets have included NGOs, policy think tanks, defense contractors, higher education institutions, law firms, and infectious disease research facilities. Previously, the group compromised victims by exploiting vulnerabilities in internet-facing servers. Hafnium has used open-source frameworks such as Covenant, a legitimate piece of software, to control the compromised servers. After gaining access to the victim’s network, the group usually uploads the stolen data to a file-sharing site.

Currently, Hafnium is often unsuccessful in its attempts to compromise customers’ accounts. Unfortunately, this doesn’t make the problem any less serious: you have to be aware that they are trying new attacks every day, and usually, if hackers want to find a way in, they will.

Other Group Threats

Since the initial hacking by Hafnium, other groups have exploited the flaws in MS Exchange Servers. A published report counted at least 10 groups hunting down un-patched servers.

When Will we be Safe?

According to DIVD (the Dutch Institute for Vulnerability Disclosure), there are thought to be at least 46,000 un-patched servers still running that are at risk of being heavily exploited. Current estimates are that up to 40% of Exchange servers in the Netherlands are still open to attack.

Protect Your Business!

Check whether your business uses Microsoft Exchange Servers. If you do, or if you’re not sure, keep reading. If you know you haven’t updated your Exchange Server recently, there are some things you should do immediately. First of all, passwords that are sitting in memory could be vulnerable, so you should reset all passwords immediately. Next, install the latest patch for your system. As a safety measure, you might want to change your passwords again after you run the patch. When breaches like this occur, you can’t be too safe.

Steps to Secure Your Server

There are several things you can do to enhance your protection:

  1. Patch your system with Microsoft updates.
  2. Reset all passwords and change all credentials.
  3. Double-check your backup device. Is the repository ok? Have you tested it?
  4. Verify your router. You should also check your security with your vendor. Ask them when they last updated their signatures.
  5. Scan for and investigate any malicious activities on your Exchange servers.
  6. And finally, if you are unsure about your network’s safety, restore your Exchange server to a point in time before the compromise occurred.
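Two of the steps above (patching, and scanning for malicious activity) can be partly automated. The script below is an added example written for this post; it is not code from the original article or from Microsoft. It assumes the version string is what an administrator gets from `Get-ExchangeServer | Format-List AdminDisplayVersion` (either "Version 15.2 (Build 721.13)" or the dotted "15.2.721.13" form), and that the caller supplies the minimum patched build for each branch (15.0 is Exchange 2013, 15.1 is 2016, 15.2 is 2019) from Microsoft's published update table; the build numbers used in the demonstration are constructed, not Microsoft's. The second helper lists server-side script files in a web directory changed after a cutoff, because applying the patch does not remove anything an intruder already dropped there.

```python
"""Post-patch triage helpers for an on-premises Exchange server (added example)."""
import os
import re
import tempfile
import time
from pathlib import Path

# Accepts "Version 15.2 (Build 721.13)" as well as "15.2.721.13".
_VERSION_RE = re.compile(
    r"(?:Version\s+)?(\d+)\.(\d+)\s*(?:\(Build\s+|\.)(\d+)\.(\d+)\)?"
)


def parse_build(version):
    """Return (major, minor, build, revision) from either version format."""
    match = _VERSION_RE.search(version.strip())
    if not match:
        raise ValueError(f"unrecognised Exchange version string: {version!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(version, minimum_by_branch):
    """True when the server's (build, revision) is at or above the branch minimum.

    `minimum_by_branch` maps (major, minor) -> (build, revision) and must be
    filled from Microsoft's published update table (assumption: caller-supplied).
    """
    major, minor, build, revision = parse_build(version)
    branch = (major, minor)
    if branch not in minimum_by_branch:
        raise KeyError(f"no minimum patched build known for Exchange {major}.{minor}")
    return (build, revision) >= minimum_by_branch[branch]


def recently_changed_scripts(root, since_epoch, suffixes=(".aspx", ".ashx", ".asmx")):
    """List server-side script files under `root` modified at or after `since_epoch`.

    Every hit should be compared against what the administrator actually
    installed; files nobody put there deliberately need investigation.
    """
    hits = []
    for path in Path(root).rglob("*"):
        if (path.is_file() and path.suffix.lower() in suffixes
                and path.stat().st_mtime >= since_epoch):
            hits.append(path)
    return sorted(hits)


def build_sample_webroot(root):
    """Constructed sample web root: one old page, one recent script, one text file.

    Returns the cutoff timestamp (one week ago) to scan against.
    """
    root = Path(root)
    (root / "owa").mkdir(parents=True, exist_ok=True)
    cutoff = time.time() - 7 * 86400
    shipped = root / "owa" / "logon.aspx"
    shipped.write_text("<!-- page shipped with the product (constructed) -->")
    os.utime(shipped, (cutoff - 86400, cutoff - 86400))
    unexpected = root / "owa" / "unexpected.aspx"
    unexpected.write_text("<!-- file the administrator did not install (constructed) -->")
    os.utime(unexpected, (cutoff + 3600, cutoff + 3600))
    (root / "readme.txt").write_text("not a script file (constructed)")
    return cutoff


def demo_scan():
    """Run the scan over the constructed web root and return the file names found."""
    with tempfile.TemporaryDirectory() as tmp:
        cutoff = build_sample_webroot(tmp)
        return [p.name for p in recently_changed_scripts(tmp, cutoff)]


if __name__ == "__main__":
    # Constructed minimum builds for demonstration; replace with Microsoft's values.
    minimums = {(15, 2): (721, 13)}
    print(is_patched("Version 15.2 (Build 721.13)", minimums))  # True
    print(is_patched("15.2.659.12", minimums))                  # False
    print(demo_scan())                                          # ['unexpected.aspx']
```

Run it once with the real minimum builds from Microsoft's release notes after step 1, and again after any restore from backup (step 6), since a backup taken after the compromise will bring the dropped files back with it.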

If you are not sure what kind of servers you are using, or you need help running the update patch, that’s what we’re here for. We are happy to help you figure out if you’re at risk from this threat. To help you ease your mind, contact us today!
