Well, in case you aren’t already informed, there has been a massive breach of Microsoft Exchange Server systems, which may have compromised hundreds of thousands of Exchange servers across the world. The hackers exploited zero-day vulnerabilities to get at the emails.
Just to give you an idea of the gravity of the incident, the hacking episode compromised the systems of the European Banking Authority.
Initially, the hacking attempt seemed to target specific organizations, but the extent of the attack soon widened and intensified dramatically.
Many SMEs, corporates, and even government entities were caught off guard, as they were totally unaware of what was happening until the news was disclosed.
What is a zero-day vulnerability?
A zero-day vulnerability means that the people responsible for fixing the flaw by patching it had zero days to act before the hacking attempt exploited the vulnerability in the system.
In short, the hackers exploited the vulnerability without giving Microsoft’s people any time to release a security patch; by the time the patch was released, the hackers had already exploited the vulnerability.
What do you need to do if you use Microsoft Exchange?
Well, if your business also uses Microsoft Exchange, you need to apply the security patch on priority. The first step is to identify which flavor of Microsoft Exchange your company uses.
For the most part, the vulnerabilities were present in the on-premises edition of Microsoft Exchange Server, whereas the cloud-based service did not have these vulnerabilities.
Therefore, if you are using the on-premises edition of Microsoft Exchange, we highly recommend that you apply the patch on priority.
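The "identify your flavor, then patch" step above is easy to get wrong on a large estate because the version shown in the Exchange admin tools does not always reflect the exact build that a security update installs. The following PowerShell script is an added example, not code from this article or from Microsoft: it inventories every on-premises Exchange server and compares the exact installed build (read from ExSetup.exe, which is the method Microsoft documents) against a reference build you fill in per version line. It assumes you run it from the Exchange Management Shell with PowerShell remoting enabled to each server, and the $PatchedBuilds values are placeholders that must be replaced with the build numbers published in Microsoft's advisory for the security update.

```powershell
# Added example, not code from the article or from Microsoft.
# Assumptions: run from the Exchange Management Shell by an Exchange admin,
# PowerShell remoting works to each server, and the reference builds below are
# PLACEHOLDERS that you replace with the values from Microsoft's advisory.

# Reference (patched) build per Exchange version line. $null = not filled in yet.
$PatchedBuilds = @{
    '15.0' = $null   # placeholder: Exchange 2013 build that carries the security update
    '15.1' = $null   # placeholder: Exchange 2016 build that carries the security update
    '15.2' = $null   # placeholder: Exchange 2019 build that carries the security update
}

function Get-ExchangeBuild {
    param([string]$ComputerName)
    # ExSetup.exe's file version is the exact installed build (CU plus SU),
    # which the AdminDisplayVersion property does not always reflect.
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        (Get-Command ExSetup.exe).FileVersionInfo.ProductVersion
    }
}

function Get-ExchangePatchStatus {
    # One row per on-premises Exchange server: name, roles, exact build, status.
    foreach ($srv in Get-ExchangeServer) {
        $build  = [version](Get-ExchangeBuild -ComputerName $srv.Fqdn)
        $line   = '{0}.{1}' -f $build.Major, $build.Minor
        $needed = $PatchedBuilds[$line]

        $status = if (-not $PatchedBuilds.ContainsKey($line)) { 'Unknown version line - check advisory' }
                  elseif ($null -eq $needed)                  { 'Reference build not set - fill in $PatchedBuilds' }
                  elseif ($build -ge [version]$needed)        { 'Patched' }
                  else                                        { 'NEEDS PATCH' }

        [pscustomobject]@{
            Server = $srv.Name
            Roles  = $srv.ServerRole
            Build  = $build
            Status = $status
        }
    }
}

# Servers that still need the update sort to the top of the report.
Get-ExchangePatchStatus | Sort-Object Status -Descending | Format-Table -AutoSize
```

Until the placeholder builds are filled in, every server reports "Reference build not set" rather than silently showing as patched; that is deliberate, so that an unfilled script can never produce a false all-clear.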
Who is behind the attacks?
According to Microsoft’s official statement, the company believes that the attack was led by “Hafnium”, a Chinese state-sponsored hacking group.
However, China on its part has denied any connection or involvement in the incident.
Regardless of who was behind the attack, the incident may act as the trigger for other such incidents, where hackers exploit vulnerabilities in other systems.
Is this incident in any way connected to the “SolarWinds” attack, which was widely discussed a few weeks back and was blamed on Russia?
As per Microsoft, the company has no evidence that the actors behind “SolarWinds” were involved in the latest hacking attempt to exploit vulnerabilities in Microsoft products and services.
How can you fix the security of your company’s system?
Well, Microsoft was quick to issue a security patch for the critical vulnerabilities in its on-premises Exchange Servers. It is highly recommended that businesses using the vulnerable on-premises Microsoft Exchange Server apply the patch on a priority basis.
However, if for some reason a business is unable to apply the patch immediately, you need to familiarize yourself with the interim mitigations recommended by Microsoft. The best and most practical solution is still to apply the security patch as soon as possible, because all other measures are temporary.
What else do you need to do?
While applying the patch will protect you from such malicious attempts in the future, it won’t undo the damage if your server was already compromised in the hacking episode.
Therefore, you should determine whether or not your organization was breached and whether the hackers were able to gain a foothold.
Microsoft has released IOC detection tools that can help you scan your Exchange servers for signs of compromise and for the vulnerabilities themselves.
We also recommend that you read Microsoft’s Security Advisory to better understand the situation and the mitigation measures you need to take.