WHAT IS THE MICROSOFT EXCHANGE HACK AND HOW DOES IT AFFECT YOU? Throughout January, Microsoft was the victim of a cyber attack that focused on their popular Exchange servers. Microsoft then made an emergency patch announcement in early March to encourage users to upgrade and protect their networks. The vulnerability within their software has allow hackers to access servers for Microsoft Exchange, which lead to email accounts being access, as well as allowing installation of additional malware to facilitate long-term access to IT environments.
Initially, early estimates were that around 30,000 people are hack, but this number is in fact a lot higher – with possibly hundreds of thousands of servers being hack. The victim list continues to grow but so far it includes schools, hospitals, cities, and pharmacies. Organizations that have migrated to Microsoft Exchange Online and Microsoft 365 products seem to have avoided the attack.
What is the risk?
Cybersecurity firms say they have begun to observe hackers stealing passwords from networks and installing cryptocurrency mining malware on servers. Microsoft have also reported that they have discovered a new strain of ransomware. One organization has report theft of their emails and address book, with legitimate-looking emails being send to customers, asking them to click on links.
Who’s behind the attack?
Microsoft has attributed the attack to a network of hackers called Hafnium, a group reported to be operating out of China. Microsoft has described this group as “a highly skilled and sophisticated actor.”
What is being done?
A security patch is release as soon as Microsoft became aware and fixed the initial issue which has led to this blog that keeps all on-premise Exchange Server customers up to date with threat intelligence and guidance across their products and solutions to help protect your IT environment. Microsoft have also release a guide on how to understand whether you have been affect and how you can mitigate risks moving forward. WHAT IS THE MICROSOFT EXCHANGE HACK AND HOW DOES IT AFFECT YOU?
While companies may assume their system is fix due to the security patch, this may not be the case. The emergency update does not expel attackers from servers, leaving some organizations susceptible to further exploitation.
While the goal of the attack remains unclear, it doesn’t mean it won’t happen again so protecting your environment is extremely important. If you haven’t already, install the patch and safeguard your data and start to consider moving to the cloud and obtaining M365 services to help avoid the risks that older software versions bring.
Resource : What is the Microsoft Exchange hack? | License Dashboard
Software Asset Management CyberSecurity Consultants in the Middle East (gcst.ae)