Microsoft Exchange Email Vulnerability Hits 30,000 US Firms Hard

Cyber Security, Data Security, email security, Hackers, Microsoft, Online Security, Ophtek, Software Security Patches, , , , ,
09
Mar 2021

Vulnerabilities in the Microsoft Exchange Server software have led to 30,000 US businesses being hacked. And it’s a very dangerous hack.

A total of four vulnerabilities have been discovered in Microsoft Exchange Server (MES) which has allowed hackers to carry out numerous attacks. The hackers appear to be part of a Chinese cyber-espionage group who specialize in stealing email communications. It’s believed that hundreds of thousands of firms have been attacked with at least 30,000 of them being US-based. As email is a crucial part of any modern business, it’s not an exaggeration to say that the MES hack is a major threat.

What is the Microsoft Exchange Server Hack?

The MES hack appeared, at first, to be concerned with stealing email data from organizations that were running the server through internet-based systems. The four vulnerabilities, present through MES versions 2013 – 19, allowed the hackers easy access to emails. However, the hackers – who Microsoft have called Hafnium – did not stop at stealing emails. Once they had access to affected systems, they also installed a web shell. This granted Hafnium the opportunity to gain remote access and full administrator privileges. The web shell is password protected and ensures that disrupting the hackers’ access is highly difficult.

Microsoft quickly formulated a security patch to eliminate the vulnerabilities, but many organizations have failed to install the MES patch. As a result, these organizations remain at risk. And, to make matters worse, Hafnium still has them in their sights. Using automated software, Hafnium is actively scanning the internet for any organizations using unpatched versions of MES. This allows the hackers to continue their campaign of data theft and disruption. It also appears that Hafnium is not fussy about who they target. Industries as wide ranging as NGOs through to medical researchers and legal firms have all been infiltrated by the MES hack.

Protecting Against Vulnerabilities

When it comes to attacks such as the MES hack it’s vital that patches are installed as soon as possible. The longer your system is unpatched then the chances of it being breached are exceptionally high. And, if you give a hacker enough time, there’s the chance of additional malware such as ransomware being installed. Setting your updates to ‘automatic install’ is the simplest and quickest way to minimize this risk. This will ensure that any security updates are in place the moment they are available.

But you can’t rely on a patch alone. Patches are not always available in time. And this means that you run the risk of having your systems breached and data stolen. Therefore, make sure that you also implement these procedures:

  • Monitor traffic entering and leaving your network to identify any potential breaches. Unusual levels of traffic can often indicate that hackers have taken control of your network.
  • Segment your network where possible. By separating your network into several different segments, you are limiting the access that a hacker has if they infiltrate your system.
  • Employ two-factor authentication procedures for gaining administrator privileges. This should make it next to impossible for hackers to take full control of your network.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Support for Microsoft Office 2007 Comes to an End

Microsoft, Office 2007, Office 2010, Office 2016, , ,
17
Oct 2017

maxresdefault (1)

You may have enjoyed a trouble free relationship with Microsoft Office 2007, but support for the suite has now ended. So what does this mean for you?

Well, the truth is that when support ends for a piece of software, you can continue using it almost exactly as you did before. It’s not going to stop working, in fact it will continue working for many years to come. However, without support, the software is effectively out there on its own without any help or protection. Security flaws are no longer closed and any bugs you discover will remain for good. And this isn’t particularly great for a business which wants to remain competitive.

Therefore, you need to make sure that you know how to move forwards from Microsoft Office 2007 and why you have to do this.

The End of Support for Office 2007

Support for Microsoft Office 2007 officially ended on 10th October 2017 as this was the point that Microsoft decided that it wasn’t viable to continue supporting it. It’s common practice for developers to do this, but when it’s a piece of software which includes Microsoft Word, Excel and PowerPoint, it’s kind of a big deal due to the number of people using these applications on a daily basis.

As mentioned previously, you can continue to use Office 2007 but you’re putting yourself at a huge risk of being hacked. You see, hackers see unsupported software as one of the easiest targets out there and, if they find a security flaw, they’re going to exploit it safe in the knowledge that it’s never going to get patched and these legacy attacks can cause major issues. There are also certain features which will no longer be supported e.g. Outlook 2007 can no longer use Office 365 to access Exchange Online mailboxes and this could create huge communication issues for a business.

maxresdefault

What Do You Need to Do?

Quite simply, you need to upgrade and you need to upgrade quickly due to the potential issues we’ve already outlined. Upgrading ensures that your version of Microsoft Office is not only secure, but can also operate in the way your business needs it to. There’s also the added bonus of new features which were never present in Office 2007.

It’s all a matter of cost, of course, but there are several options available when it comes to upgrades. Office 2010 is the next step up, but you have to bear in mind that Microsoft only ever grant their office suites a 10 year lifespan. Therefore, support for Office 2010 is due to be retired in just three years and means that a further upgrade would be needed relatively soon. This doesn’t make for great economics, so, to give yourself the best experience with Office it may be best to look at going straight in for Microsoft Office 2016.

With its lifespan barely started, Office 2016 promises to provide better security and a better work environment for your organization to operate in.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2